Security
Headlines
HeadlinesLatestCVEs

Latest News

CVE-2024-49128: Windows Remote Desktop Services Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#Windows Remote Desktop Services#Security Vulnerability
CVE-2024-49127: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49116: Windows Remote Desktop Services Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49114: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-49118: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an attacker to invest a significant amount of time to exploit the vulnerability if the race condition is not won.

CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.

CVE-2024-49110: Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-49095: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-49109: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-49138: Windows Common Log File System Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.