Source

Microsoft Security Response Center

CVE-2024-20676: Azure Storage Mover Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?** For successful exploitation, the attacker would need some key information, such as the ARMID and UUID of the installed agent, as a prerequisite.

CVE-2024-20691: Windows Themes Information Disclosure Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-20690: Windows Nearby Sharing Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a malicious actor spoofs a machine with the same name that a user is searching for.

CVE-2024-20682: Windows Cryptographic Services Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-20658: Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

**What privileges could an attacker gain with a successful exploitation?** An attacker who successfully exploited this vulnerability could gain privilege escalation in the processing of .vhdx files in the Windows Kernel.

CVE-2024-20657: Windows Group Policy Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-20694: Windows CoreMessaging Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.

CVE-2024-20680: Windows Message Queuing Client (MSMQC) Information Disclosure

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2024-20683: Win32k Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.