Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-30009: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#Windows Routing and Remote Access Service (RRAS)#Security Vulnerability
CVE-2024-29999: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-29998: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-29997: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-30007: Microsoft Brokering File System Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could potentially gain the ability to authenticate against a remote host using the current user’s credentials.

CVE-2024-30006: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

CVE-2024-30005: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-30004: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-30003: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

CVE-2024-30002: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine