Security
Headlines
HeadlinesLatestCVEs

Tag

#Microsoft Devices

CVE-2024-21325: Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user needs to be tricked into running malicious files.

Microsoft Security Response Center
#vulnerability#microsoft#rce#Microsoft Devices#Security Vulnerability
CVE-2021-43899: Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability

**What firmware version of the Microsoft 4K Wireless Display Adapter has the update that protects from this vulnerability?** All firmware versions of the Microsoft 4K Wireless Display Adapter that are 3.9520.47 and higher are protected from this vulnerability. **How do I ensure my Microsoft 4K Wireless Display Adapter device has the update?** You will need to install the Microsoft Wireless Display Adapter app from the Microsoft Store onto a system connected to the Microsoft 4K Wireless Display Adapter. Once installed, use the **Update & security** section of the app to download and install the latest firmware. **How could an attacker exploit this vulnerability?** An unauthenticated attacker on the same network as the Microsoft 4K Display Adapter could send specially crafted packets to a vulnerable device.

CVE-2021-42299: Microsoft Surface Pro 3 Security Feature Bypass Vulnerability

*Which Surface devices are affected by this vulnerability?* The Surface Pro 3. *Are any other devices vulnerable?* Microsoft has confirmed that the Surface Pro 3 is vulnerable. However, it is possible that other devices, including non-Microsoft devices, using a similar BIOS may also be vulnerable. The Surface Pro 4, Surface Book, and more recent Surface devices are not vulnerable. *What can an attacker do with this vulnerability?* Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. Windows uses these PCR measurements to determine device health. A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. *How do I protect myself?* This technique requires physical access to a target victim’s device, or an attacker would already have had to compromise a legitimate user's credentials. We encourage custom...