Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2024-26238: Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#Windows Task Scheduler#Security Vulnerability
CVE-2024-30059: Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker requires access to a rooted target device and must disable certain components of the Intune Mobile Application Manager which do not fully impact availability. An attacker could then gain access to sensitive files based on the targeted device's privileges but does not provide the ability to alter data.

CVE-2024-30024: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

CVE-2024-29994: Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-30030: Win32k Elevation of Privilege Vulnerability

**According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?** To exploit this vulnerability an attacker must have an account with the User role assigned.

CVE-2024-30029: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2024-30032: Windows DWM Core Library Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-30031: Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-30034: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

CVE-2024-30033: Windows Search Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.