Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-43557: Windows Mobile Broadband Driver Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#dos#Windows Mobile Broadband#Security Vulnerability
CVE-2024-43556: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43555: Windows Mobile Broadband Driver Denial of Service Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

CVE-2024-43553: NT OS Kernel Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain Kernel Memory Access.

CVE-2024-43536: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-43528: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43610: Copilot Studio Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2024-43547: Windows Kerberos Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

CVE-2024-43546: Windows Cryptographic Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of OAEP decrypt information. An attacker could read the contents of OAEP decrypt from a user mode process.

CVE-2024-43524: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.