Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows Internet Connection Sharing (ICS)

CVE-2024-38105: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

Microsoft Security Response Center
#vulnerability#windows#dos#Windows Internet Connection Sharing (ICS)#Security Vulnerability
CVE-2024-38101: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2024-38053: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2024-38102: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2024-26253: Windows rndismp6.sys Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability.

CVE-2024-26252: Windows rndismp6.sys Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** An unauthenticated attacker needs to physically connect a specially crafted USB device to exploit this vulnerability.

CVE-2024-21344: Windows Network Address Translation (NAT) Denial of Service Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-21357: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

CVE-2023-35632: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.