Security
Headlines
HeadlinesLatestCVEs

Source

Microsoft Security Response Center

CVE-2024-38130: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

****How could an attacker exploit this vulnerability?****

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#Windows Routing and Remote Access Service (RRAS)#Security Vulnerability
CVE-2024-38140: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

**The following mitigating factors might be helpful in your situation:** This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet.

CVE-2024-38142: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38141: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38136: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38135: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38134: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-7536: Chromium: CVE-2024-7550 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7535: Chromium: CVE-2024-7536 Use after free in WebAudio

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

CVE-2024-7534: Chromium: CVE-2024-7535 Inappropriate implementation in V8

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024