CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-43593: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43592: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?**

To exploit this vulnerability, an attacker requires access to a rooted target device and must disable certain components of the Intune Mobile Application Manager which do not fully impact availability. An attacker could then gain access to sensitive files based on the targeted device's privileges but does not provide the ability to alter data.

Headline

CVE-2024-30059: Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

Microsoft Security Response Center: Latest News