CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-43593: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43592: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability

*Are there any pre-requisites for this vulnerability to be exploited in Intune Management Extension?*

This vulnerability only exists when Intune Management Extension is enabled as managed installer. Enabling IME as managed installer requires local administrator privileges.

*What should I do to protect myself from this vulnerability?*

No action is required. As soon as the client connects to the service, it automatically receives a message to update.

Headline

CVE-2021-41363: Intune Management Extension Security Feature Bypass Vulnerability

Microsoft Security Response Center: Latest News