Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2024-30052: Visual Studio Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

Microsoft Security Response Center
Open in Source
#vulnerability#rce#Visual Studio#Security Vulnerability
CVE-2024-30063: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a user connects a Windows client to a malicious server.

CVE-2024-30080: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

CVE-2024-30077: Windows OLE Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

CVE-2024-30062: Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user would have to restart the compromised service on the server to trigger the vulnerability.

CVE-2024-30074: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

CVE-2024-30072: Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2024-30075: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.