CVE-2024-43574: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-43593: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43592: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2024-43583: Winlogon Elevation of Privilege Vulnerability

*How Could an Attacker Exploit this Vulnerability?* A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the Host. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

Headline

CVE-2021-26443: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News