Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2024-30071: Windows Remote Access Connection Manager Information Disclosure Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Remote Access Connection Manager#Security Vulnerability
CVE-2024-32987: Microsoft SharePoint Server Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information.

CVE-2024-38112: Windows MSHTML Platform Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-38104: Windows Fax Service Remote Code Execution Vulnerability

The following mitigating factor might be helpful in your situation: To be exploitable by this vulnerability the Windows Fax Service has to be installed and configured. If Windows Fax Service is enabled, consider disabling it until you have installed this update that addresses this vulnerability.

CVE-2024-30013: Windows MultiPoint Services Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart.

CVE-2024-26184: Secure Boot Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.

CVE-2024-38100: Windows File Explorer Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2024-38086: Azure Kinect SDK Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

CVE-2024-38085: Windows Graphics Component Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-38080: Windows Hyper-V Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.