Multiple Linux Kernel Vulnerabilities
September 13, 2024Multiple GitLab Products Vulnerabilities
September 13, 2024Multiple Linux Kernel Vulnerabilities
September 13, 2024Multiple GitLab Products Vulnerabilities
September 13, 2024Severity
High
Analysis Summary
CVE-2024-43465 CVSS:7.8
Microsoft Excel could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-37980 CVSS:8.8
Microsoft SQL Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38249 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Graphics component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38220 CVSS:9
Microsoft Azure Stack Hub could allow a remote authenticated attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38216 CVSS:8.2
Microsoft Azure Stack Hub could allow a remote authenticated attacker to gain elevated privileges on the system. By persuading a victim to open a specially crafted content, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-38253 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32 Kernel Subsystem component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-43467 CVSS:7.5
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Remote Desktop Licensing Service component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38232 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Networking component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38230 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Standards-Based Storage Management Service component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38240 CVSS:8.1
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access Connection Manager component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2024-43455 CVSS:8.8
Microsoft Windows could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2024-38236 CVSS:7.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the DHCP Server Service component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-38254 CVSS:5.5
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Authentication component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2024-38231 CVSS:6.5
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Remote Desktop Licensing Service component. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-43457 CVSS:7.8
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unquoted search path in the Setup and Deployment component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-43465
- CVE-2024-37980
- CVE-2024-38249
- CVE-2024-38220
- CVE-2024-38216
- CVE-2024-38253
- CVE-2024-43467
- CVE-2024-38232
- CVE-2024-38230
- CVE-2024-38240
- CVE-2024-43455
- CVE-2024-38236
- CVE-2024-38254
- CVE-2024-38231
- CVE-2024-43457
Affected Vendors
Affected Products
- Microsoft Windows Server 2022
- Microsoft Azure Stack Hub
- Microsoft Windows 10 Version 1607 - 10.0.0
- Microsoft Windows 10 Version 1607 for 32-bit Systems - 1607
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft 365 Apps for Enterprise - 16.0.1
- Microsoft Office 2019 - 19.0.0
- Microsoft Windows 11 version 21H2 - 10.0.0
- Microsoft Windows 11 version 22H2 - 10.0.0
- Microsoft Windows 11 version 22H3 - 10.0.0
- Microsoft Windows Server 2016 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2008 Service Pack 2 - 6.0.0
- Microsoft Windows 11 Version 24H2 - 10.0.0
- Microsoft Windows 11 Version 24H2 for x64-based Systems - 24H2
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2022 - 10.0.0
- Microsoft Office Online Server - 16.0.1
- Microsoft Office LTSC for Mac 2021 - 16.0.1
- Microsoft SQL Server 2017 (GDR) - 14.0.0
- Microsoft SQL Server 2019 (GDR) - 15.0.0
- Microsoft SQL Server 2016 Service Pack 3 (GDR) - 13.0.0
- Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack - 13.0.0
- Microsoft Azure Stack Hub - 1.0.0
- Microsoft Windows 11 Version 23H2 - 10.0.0
- Microsoft Windows Server 2016 (Server Core installation) - 10.0.0
- Microsoft Windows Server 2008 Service Pack 2 (Server Core installation) - 6.0.0
- Microsoft Windows Server 2008 R2 Service Pack 1 - 6.1.0
- Microsoft Windows 11 Version 24H2 for ARM64-based Systems - 24H2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.