CVE-2024-9603: Chromium: CVE-2024-9603 Type Confusion in V8

CVE-2024-9602: Chromium: CVE-2024-9602 Type Confusion in V8

CVE-2024-43536: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-43528: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVE-2024-43524: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?**

An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device.

Headline

CVE-2023-36871: Azure Active Directory Security Feature Bypass Vulnerability

Microsoft Security Response Center: Latest News