January 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-20663 CVSS:6.5
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Message Queuing Client (MSMQC) component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and use this information to launch further attacks against the affected system.
CVE-2024-20692 CVSS:5.7
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Local Security Authority Subsystem Service component. By persuading a victim to connect to an Active Directory Domain Controller, an attacker could exploit this vulnerability to obtain network secrets and then use this information to launch further attacks against the affected system.
CVE-2024-20681 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Subsystem for Linux component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2024-20660 CVSS:6.5
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Message Queuing Client (MSMQC) component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information from heap memory and use this information to launch further attacks against the affected system.
CVE-2024-20655 CVSS:6.6
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Online Certificate Status Protocol (OCSP) component. By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21316 CVSS:6.1
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Server Key Distribution Service component. By creating an X.509 certificate with an MD5 property, an attacker could exploit this vulnerability to cause certificate validation to fail.
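As an added defender-side check that is not part of this advisory, the PowerShell below inventories the local machine certificate stores for certificates whose signature algorithm is MD5-based, the certificate property the description above hinges on; the set of stores audited and the CSV output path are assumptions.

```powershell
# Added example: audit LocalMachine certificate stores for MD5-signed certificates.
# Assumes the Cert: PSDrive (Windows PowerShell or PowerShell 7 on Windows).
$stores = 'Root', 'CA', 'AuthRoot', 'My', 'TrustedPeople'   # assumed set of stores to audit

$findings = foreach ($store in $stores) {
    $path = "Cert:\LocalMachine\$store"
    if (-not (Test-Path $path)) { continue }
    Get-ChildItem -Path $path | ForEach-Object {
        # SignatureAlgorithm is an Oid; FriendlyName reads e.g. 'md5RSA' or 'sha256RSA'
        $alg = $_.SignatureAlgorithm.FriendlyName
        if ($alg -match '^md5') {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Algorithm  = $alg
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    # Export for review and tracking; the path is an assumption
    $findings | Export-Csv -Path "$env:TEMP\md5-signed-certs.csv" -NoTypeInformation
} else {
    Write-Output 'No MD5-signed certificates found in the audited LocalMachine stores.'
}
```

Run it in an elevated session so the machine stores are readable; any hit is a candidate for replacement with a SHA-2 signed certificate regardless of this specific CVE.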
CVE-2024-20657 CVSS:7
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Group Policy component. By winning a race condition, an authenticated attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
CVE-2024-20652 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HTML Platforms component. An attacker could exploit this vulnerability to bypass the security restrictions of the MapURLToZone method and cause an impact on confidentiality, integrity and availability.
CVE-2024-20682 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Cryptographic Services component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21306 CVSS:5.7
Microsoft Windows Bluetooth Driver could allow a remote attacker within the local network to conduct spoofing attacks.
CVE-2024-21309 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel-Mode Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
Impact
- Privilege Escalation
- Code Execution
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2024-20663
- CVE-2024-20692
- CVE-2024-20681
- CVE-2024-20660
- CVE-2024-20655
- CVE-2024-21316
- CVE-2024-20657
- CVE-2024-20652
- CVE-2024-20682
- CVE-2024-21306
- CVE-2024-21309
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 x64
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows 10 x32
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft Windows 11 22H2 for ARM64-based Systems
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 11 22H2 for x64-based Systems
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.