Security
Headlines
HeadlinesLatestCVEs

Tag

#Security Vulnerability

CVE-2024-43457: Windows Setup and Deployment Elevation of Privilege Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

Microsoft Security Response Center
#vulnerability#mac#windows#Windows Setup and Deployment#Security Vulnerability
CVE-2024-43455: Windows Remote Desktop Licensing Service Spoofing Vulnerability

**How could an attacker exploit this vulnerability?** To successfully exploit this vulnerability an attacker must send specially crafted requests to the Terminal Server Licensing Service, which must be running and accessible over the network.

CVE-2024-21416: Windows TCP/IP Remote Code Execution Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-38263: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2024-43461: Windows MSHTML Platform Spoofing Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-43458: Windows Networking Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2024-38258: Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

CVE-2024-38257: Microsoft AllJoyn API Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

CVE-2024-38248: Windows Storage Elevation of Privilege Vulnerability

**Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?** The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

CVE-2024-43454: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L) and a total loss of Integrity (I:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability enables an attacker to perform arbitrary file deletion (I:H). That file deletion might result in partial loss of component availability. (A:L).