Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2024-30074: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#rce#Windows Link Layer Topology Discovery Protocol#Security Vulnerability
CVE-2024-30076: Windows Container Manager Service Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2024-30075: Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

CVE-2024-35250: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-30077: Windows OLE Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.

CVE-2024-30069: Windows Remote Access Connection Manager Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Microsoft Modifies 'Recall' AI Feature Amid Privacy, Security Failings

In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns?

Making Choices that Lead to Stronger Vulnerability Management

The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.

Malicious Node on ComfyUI Steals Data from Crypto, Browser Users

Cryptocurrency users beware: A malicious ComfyUI node steals sensitive data like passwords, crypto wallet addresses, etc. Stay safe…