This report contains detail for the following vulnerabilities:
CVE Issued by | Tag | CVE ID | CVE Title |
---|---|---|---|
Microsoft | .NET | CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability |
Microsoft | Azure Data Studio | CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability |
Microsoft | Azure SDK | CVE-2024-21421 | Azure SDK Spoofing Vulnerability |
Intel Corporation | Intel | CVE-2023-28746 | Intel: CVE-2023-28746 Register File Data Sampling (RFDS) |
Microsoft | Microsoft Authenticator | CVE-2024-21390 | Microsoft Authenticator Elevation of Privilege Vulnerability |
Microsoft | Microsoft Azure Kubernetes Service | CVE-2024-21400 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
Microsoft | Microsoft Django Backend for SQL Server | CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Dynamics | CVE-2024-21419 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2174 | Chromium: CVE-2024-2174 Inappropriate implementation in V8 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2173 | Chromium: CVE-2024-2173 Out of bounds memory access in V8 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2024-2176 | Chromium: CVE-2024-2176 Use after free in FedCM |
Microsoft | Microsoft Edge for Android | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability |
Microsoft | Microsoft Exchange Server | CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Graphics Component | CVE-2024-21437 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft | Microsoft Intune | CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office | CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft | Microsoft Office SharePoint | CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft | Microsoft QUIC | CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability |
Microsoft | Microsoft Teams for Android | CVE-2024-21448 | Microsoft Teams for Android Information Disclosure Vulnerability |
Microsoft | Microsoft WDAC ODBC Driver | CVE-2024-21451 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21441 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21444 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft WDAC OLE DB provider for SQL | CVE-2024-21450 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Microsoft | Microsoft Windows SCSI Class System File | CVE-2024-21434 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
Microsoft | Open Management Infrastructure | CVE-2024-21330 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
Microsoft | Open Management Infrastructure | CVE-2024-21334 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
Microsoft | Outlook for Android | CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-21407 | Windows Hyper-V Remote Code Execution Vulnerability |
Microsoft | Role: Windows Hyper-V | CVE-2024-21408 | Windows Hyper-V Denial of Service Vulnerability |
Microsoft | Skype for Consumer | CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability |
Microsoft | Software for Open Networking in the Cloud (SONiC) | CVE-2024-21418 | Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability |
Microsoft | Visual Studio Code | CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability |
Microsoft | Windows AllJoyn API | CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability |
Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Microsoft | Windows Composite Image File System | CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |
Microsoft | Windows Compressed Folder | CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability |
Microsoft | Windows Defender | CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability |
Microsoft | Windows Error Reporting | CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
Microsoft | Windows Hypervisor-Protected Code Integrity | CVE-2024-21431 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
Microsoft | Windows Installer | CVE-2024-21436 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft | Windows Kerberos | CVE-2024-21427 | Windows Kerberos Security Feature Bypass Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows Kernel | CVE-2024-21443 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft | Windows NTFS | CVE-2024-21446 | NTFS Elevation of Privilege Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2024-21440 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows ODBC Driver | CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
Microsoft | Windows OLE | CVE-2024-21435 | Windows OLE Remote Code Execution Vulnerability |
Microsoft | Windows Print Spooler Components | CVE-2024-21433 | Windows Print Spooler Elevation of Privilege Vulnerability |
Microsoft | Windows Standards-Based Storage Management Service | CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
Microsoft | Windows Telephony Server | CVE-2024-21439 | Windows Telephony Server Elevation of Privilege Vulnerability |
Microsoft | Windows Update Stack | CVE-2024-21432 | Windows Update Stack Elevation of Privilege Vulnerability |
Microsoft | Windows USB Hub Driver | CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability |
Microsoft | Windows USB Print Driver | CVE-2024-21442 | Windows USB Print Driver Elevation of Privilege Vulnerability |
Microsoft | Windows USB Print Driver | CVE-2024-21445 | Windows USB Print Driver Elevation of Privilege Vulnerability |
Microsoft | Windows USB Serial Driver | CVE-2024-21430 | Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20671
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Defender Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.5/TemporalScore:4.8
Executive Summary: None

FAQ:

What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An authenticated attacker who successfully exploited this vulnerability could prevent Microsoft Defender from starting. See Manage Updates Baselines Microsoft Defender Antivirus for more information.

Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?
Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.

Why is no action required to install this update?
In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Windows Defender Antimalware Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender Antimalware Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender Antimalware Platform updates and malware definitions, is working as expected in their environment.

How often are the Windows Defender Antimalware Platform and malware definitions updated?
Microsoft typically releases an update for the Windows Defender Antimalware Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

What is the Windows Defender Antimalware Platform?
The Windows Defender Antimalware Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats. Windows Defender uses the Windows Defender Antimalware Platform.

On which products is Defender installed and active by default?
Defender runs on all supported versions of Windows.

Are there other products that use the Windows Defender Antimalware Platform?
Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.

Does this update contain any additional security-related changes to functionality?
Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.

Suggested Actions: Verify that the update is installed
Customers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20671 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows Defender Antimalware Platform | Release Notes (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 4.18.24010.12 | No | None |
CVE ID | Acknowledgements |
CVE-2024-20671 | Manuel Feifel with Infoguard (Vurex) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21392
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.7
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12-Mar-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21392 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
.NET 7.0 | 5036451 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 7.0.17 | Maybe | None |
.NET 8.0 | 5036452 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 8.0.3 | Maybe | None |
Microsoft Visual Studio 2022 version 17.4 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 17.4.17 | Maybe | None |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 17.6.13 | Maybe | None |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 17.8.8 | Maybe | None |
Microsoft Visual Studio 2022 version 17.9 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 17.9.3 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21392 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21411
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Skype for Consumer Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None

FAQ:

How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by sending the user a malicious link or a malicious image via Instant Message and then convincing the user to click the link or image.

How do I get the update?
To verify that you have the latest version of Skype installed, select Settings > Help & Feedback. For more information on how to update Skype, see Updating to the latest version of Skype.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21411 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Skype for Consumer | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 8.113 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21411 | Hector Peralta (@hperalta89) and Nicolás Armua working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21418
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None

FAQ:

What privileges could an attacker gain with a successful exploitation?
An unprivileged attacker with read-only permissions can escalate to Root in the Border Gateway Protocol container and perform specific actions that enable them to escape the container.

Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21418 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Software for Open Networking in the Cloud (SONiC) 201811 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 20181130.106 | Maybe | None |
Software for Open Networking in the Cloud (SONiC) 201911 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 20191130.89 | Maybe | None |
Software for Open Networking in the Cloud (SONiC) 202012 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 20201231.96 | Maybe | None |
Software for Open Networking in the Cloud (SONiC) 202205 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 20220531.26 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21418 | Sarah Mulnick |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21421
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure SDK Spoofing Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None

FAQ:

What actions do customers need to take to protect themselves from this vulnerability?
Customers with deployments created prior to Oct 19, 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For more information, see https://azure.github.io/azure-sdk/releases/latest/index.html. Customers with deployments created after October 19, 2023 received the fix automatically and no action is needed.

Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21421 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Azure SDK | Release Notes (Security Update) | Important | Spoofing | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 1.29.5 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21421 | Chris Burr |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21426
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None

FAQ:

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.

According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?
An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.

Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21426 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Microsoft SharePoint Enterprise Server 2016 | 5002559 (Security Update) | Important | Remote Code Execution | 5002541 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.5439.1000 | Maybe | None |
Microsoft SharePoint Server 2019 | 5002562 (Security Update) | Important | Remote Code Execution | 5002539 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.10408.20000 | Maybe | None |
Microsoft SharePoint Server Subscription Edition | 5002564 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 16.0.17328.20136 | Maybe | None |
CVE ID | Acknowledgements |
CVE-2024-21426 | kap0k |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21429
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Hub Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.8/TemporalScore:5.9
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    12-Mar-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21429 |
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
---|---|---|---|---|---|---|---|---|
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5034770 5034860 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21429 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21430
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:5.7/TemporalScore:5.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21430 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5034770 5034860 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5034770 5034860 |
Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 5.7 Temporal: 5.1 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21430 | Wei in Kunlun Lab with Cyber KunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21438
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AllJoyn API Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21438 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Denial of Service | 5034774 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Denial of Service | 5034774 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Denial of Service | 5034763 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Denial of Service | 5034766 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Denial of Service | 5034766 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Denial of Service | 5034765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Denial of Service | 5034765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Denial of Service | 5034765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Denial of Service | 5034765 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5034770 5034860 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Denial of Service | 5034770 5034860 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Denial of Service | 5034769 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21438 | ziming zhang with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21439
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21439 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Elevation of Privilege | 5034774 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Elevation of Privilege | 5034774 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Elevation of Privilege | 5034795 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Elevation of Privilege | 5034795 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Elevation of Privilege | 5034795 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Elevation of Privilege | 5034795 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) |
Important | Elevation of Privilege | 5034831 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) |
Important | Elevation of Privilege | 5034831 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Elevation of Privilege | 5034830 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Elevation of Privilege | 5034830 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Elevation of Privilege | 5034819 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Elevation of Privilege | 5034819 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5034770 5034860 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Elevation of Privilege | 5034770 5034860 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Elevation of Privilege | 5034769 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21439 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21441
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21441 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 |
Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Remote Code Execution | 5034795 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Remote Code Execution | 5034795 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Remote Code Execution | 5034795 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) |
Important | Remote Code Execution | 5034795 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 |
Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) |
Important | Remote Code Execution | 5034831 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) |
Important | Remote Code Execution | 5034831 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5034770 5034860 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) |
Important | Remote Code Execution | 5034770 5034860 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 |
Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21441 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21442
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Print Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21442
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Elevation of Privilege | 5034769 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21442 | Jongseong Kim, Byunghyun Kang, Sangjun Park, Yunjin Park, Kwon Yul and Seungchan Kim with 우리 오늘부터 0-day? (BoB 12th) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21443
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.3/TemporalScore:6.4
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?
An administrative user must be convinced to open a malicious COM object like an .rtf file.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21443
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Elevation of Privilege | 5034769 | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21443 | CHEN QINGYANG with Topsec Alpha Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21444
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21444
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21444 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21445
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows USB Print Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.0/TemporalScore:6.1
Executive Summary: None
FAQ:
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21445 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Elevation of Privilege | 5034769 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21445 | Jongseong Kim, Byunghyun Kang, Sangjun Park, Yunjin Park, Kwon Yul and Seungchan Kim with 우리 오늘부터 0-day? (BoB 12th) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21446
MITRE NVD Issuing CNA: Microsoft |
CVE Title: NTFS Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.8/TemporalScore:6.8
Executive Summary: None
FAQ:
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21446 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Elevation of Privilege | 5034774 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Elevation of Privilege | 5034774 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Elevation of Privilege | 5034763 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Elevation of Privilege | 5034766 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Elevation of Privilege | 5034765 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Elevation of Privilege | 5034795 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Elevation of Privilege | 5034795 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Elevation of Privilege | 5034795 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Elevation of Privilege | 5034795 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Elevation of Privilege | 5034831 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Elevation of Privilege | 5034831 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Elevation of Privilege | 5034830 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Elevation of Privilege | 5034830 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Elevation of Privilege | 5034819 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Elevation of Privilege | 5034819 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Elevation of Privilege | 5034767 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Elevation of Privilege | 5034768 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Elevation of Privilege | 5034770 5034860 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Elevation of Privilege | 5034769 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21446 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21450
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21450 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21450 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-21451
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0 12-Mar-24 Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-21451 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-21451 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26197
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:6.5/TemporalScore:5.7
Executive Summary: None
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-26197 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Denial of Service | 5034819 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Denial of Service | 5034819 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Denial of Service | 5034767 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Denial of Service | 5034768 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Denial of Service | 5034770 5034860 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Denial of Service | 5034770 5034860 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-26197 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26159
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft ODBC Driver Remote Code Execution Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:8.8/TemporalScore:7.7
Executive Summary: None
FAQ:
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
Mitigations: None
Workarounds: None
Revision: 1.0    12-Mar-24     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-26159 |
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
Windows 10 for 32-bit Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 for x64-based Systems | 5035858 (Security Update) | Important | Remote Code Execution | 5034774 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.10240.20526 | Yes | None |
Windows 10 Version 1607 for 32-bit Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1607 for x64-based Systems | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows 10 Version 1809 for 32-bit Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for ARM64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 1809 for x64-based Systems | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows 10 Version 21H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 21H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19044.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for 32-bit Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for ARM64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 10 Version 22H2 for x64-based Systems | 5035845 (Security Update) | Important | Remote Code Execution | 5034763 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.19045.4170 | Yes | 5035845 |
Windows 11 version 21H2 for ARM64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 version 21H2 for x64-based Systems | 5035854 (Security Update) | Important | Remote Code Execution | 5034766 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22000.2836 | Yes | None |
Windows 11 Version 22H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 22H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22621.3296 | Yes | None |
Windows 11 Version 23H2 for ARM64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows 11 Version 23H2 for x64-based Systems | 5035853 (Security Update) | Important | Remote Code Execution | 5034765 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.22631.3296 | Yes | None |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5035920 (Monthly Rollup) 5035933 (Security Only) | Important | Remote Code Execution | 5034795 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.0.6003.22567 | Yes | 5035920 5035933 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5035888 (Monthly Rollup) 5035919 (Security Only) | Important | Remote Code Execution | 5034831 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.1.7601.27017 | Yes | None |
Windows Server 2012 | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 (Server Core installation) | 5035930 (Monthly Rollup) | Important | Remote Code Execution | 5034830 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.2.9200.24768 | Yes | None |
Windows Server 2012 R2 | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2012 R2 (Server Core installation) | 5035885 (Monthly Rollup) | Important | Remote Code Execution | 5034819 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 6.3.9600.21871 | Yes | None |
Windows Server 2016 | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2016 (Server Core installation) | 5035855 (Security Update) | Important | Remote Code Execution | 5034767 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.14393.6796 | Yes | None |
Windows Server 2019 | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2019 (Server Core installation) | 5035849 (Security Update) | Important | Remote Code Execution | 5034768 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.17763.5576 | Yes | None |
Windows Server 2022 | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022 (Server Core installation) | 5035857 (Security Update) 5035959 (SecurityHotpatchUpdate) | Important | Remote Code Execution | 5034770 5034860 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.20348.2340 10.0.20348.2333 | Yes | None |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5035856 (Security Update) | Important | Remote Code Execution | 5034769 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | 10.0.25398.763 | Yes | None |
CVE ID | Acknowledgements |
CVE-2024-26159 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-26190
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft QUIC Denial of Service Vulnerability
CVSS: CVSS:3.1 Highest BaseScore:7.5/TemporalScore:6.5
|