CVE-2024-12382: Chromium: CVE-2024-12382 Use after free in Translate

CVE-2024-12381: Chromium: CVE-2024-12381 Type Confusion in V8

CVE-2024-49071: Windows Defender Information Disclosure Vulnerability

CVE-2024-49147: Microsoft Update Catalog Elevation of Privilege Vulnerability

CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?**

An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection. Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC.

Headline

CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News