This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
.NET and Visual Studio | CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | Important |
.NET, .NET Framework, Visual Studio | CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
.NET, .NET Framework, Visual Studio | CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important |
Azure CLI | CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important |
Azure Monitor | CVE-2024-38097 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
Azure Stack | CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Important |
BranchCache | CVE-2024-43506 | BranchCache Denial of Service Vulnerability | Important |
BranchCache | CVE-2024-38149 | BranchCache Denial of Service Vulnerability | Important |
Code Integrity Guard | CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability | Important |
DeepSpeed | CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability | Important |
Internet Small Computer Systems Interface (iSCSI) | CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Important |
Microsoft ActiveX | CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important |
Microsoft Configuration Manager | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical |
Microsoft Defender for Endpoint | CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2024-9369 | Chromium: CVE-2024-9369 Insufficient data validation in Mojo | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-9370 | Chromium: CVE-2024-9370 Inappropriate implementation in V8 | Unknown |
Microsoft Edge (Chromium-based) | CVE-2024-7025 | Chromium: CVE-2024-7025 Integer overflow in Layout | Unknown |
Microsoft Graphics Component | CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Management Console | CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Important |
Microsoft Office Excel | CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
Microsoft Office Visio | CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important |
Microsoft Simple Certificate Enrollment Protocol | CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Speech | CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
OpenSSH for Windows | CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important |
Outlook for Android | CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Important |
Power BI | CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability | Important |
Power BI | CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability | Important |
Remote Desktop Client | CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
Remote Desktop Client | CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability | Important |
RPC Endpoint Mapper Service | CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability | Important |
Service Fabric | CVE-2024-43480 | Azure Service Fabric for Linux Remote Code Execution Vulnerability | Important |
Sudo for Windows | CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability | Important |
Visual C++ Redistributable Installer | CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability | Important |
Visual Studio Code | CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Critical |
Visual Studio Code | CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows BitLocker | CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability | Important |
Windows Common Log File System Driver | CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows cURL Implementation | CVE-2024-6197 | Open Source Curl Remote Code Execution Vulnerability | Important |
Windows EFI Partition | CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows EFI Partition | CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows EFI Partition | CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important |
Windows Hyper-V | CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability | Important |
Windows Kerberos | CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important |
Windows Mobile Broadband | CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important |
Windows MSHTML Platform | CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | Moderate |
Windows Netlogon | CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows NT OS Kernel | CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
Windows NTFS | CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) | CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important |
Windows Print Spooler Components | CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | Critical |
Windows Remote Desktop Licensing Service | CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important |
Windows Remote Desktop Services | CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Scripting | CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability | Important |
Windows Secure Channel | CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important |
Windows Shell | CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability | Important |
Windows Standards-Based Storage Management Service | CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Storage | CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability | Important |
Windows Storage Port Driver | CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Important |
Windows Telephony Server | CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability | Important |
Winlogon | CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | Important |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38097 MITRE NVD |
CVE Title: Azure Monitor Agent Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability? Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account. What actions do customers need to take to protect themselves from this vulnerability? Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38097 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Monitor Agent | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-38097 | @sim0nsecurity Filip Dragović BochengXiang(@Crispr) with FDU R4nger & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43516 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43516 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43516 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38179 MITRE NVD |
CVE Title: Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? Successful exploitation of this vulnerability could allow an attacker to perform operations in the victim's hybrid cloud environment with the same privileges as the compromised managed identity. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain the privileges of the compromised managed identity. How could an attacker exploit this vulnerability? An attacker with basic user privileges could compromise an unencrypted service principal for a managed identity and perform service management operations on other resources in the hybrid environment the managed identity is permitted to manage. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38179 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Stack HCI 22H2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Azure Stack HCI 23H2 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-38179 | Barry Markey with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38261 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38261 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38261 | Nirmala Nawale with Microsoft Dan Reynolds with MSRC Vulnerabilities & Mitigations Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43480 MITRE NVD |
CVE Title: Azure Service Fabric for Linux Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? An attacker is required to compromise the credential of a victim who has been assigned the role of “Cluster Admin” or “Cluster Operator” by an administrator prior to attempting to exploit the vulnerability. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43480 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure Service Fabric 10.0 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Azure Service Fabric 10.1 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Azure Service Fabric 9.1 for Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 6.6 Temporal: 5.8 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43480 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43481 MITRE NVD |
CVE Title: Power BI Report Server Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43481 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Power BI Report Server - May 2024 | XXXXXXX (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43481 | Omar Alatwi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38229 MITRE NVD |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38229 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET 8.0 installed on Linux | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Mac OS | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Windows | 5045993 (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-38229 | Brennan Conroy of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43502 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), have no effect on integrity (I:N) and have a high impact on availability (A:H). What does that mean for this vulnerability? This vulnerability could allow an attacker to disclose confidential information or make the service unavailable but does not allow the attacker to modify any data. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43502 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43502 | Florian Schweins |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43503 MITRE NVD |
CVE Title: Microsoft SharePoint Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43503 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002645 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002647 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server Subscription Edition | 5002649 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43503 | zcgonvh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43504 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43504 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Excel 2016 (32-bit edition) | 5002643 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002643 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43504 | Haifei Li with Check Point Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43505 MITRE NVD |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43505 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43505 | Luke Papandrea, Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43506 MITRE NVD |
CVE Title: BranchCache Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43506 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43506 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43508 MITRE NVD |
CVE Title: Windows Graphics Component Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43508 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43508 | Cristi Dudescu |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43513 MITRE NVD |
CVE Title: BitLocker Security Feature Bypass Vulnerability
Description: Unknown FAQ: Is there a prerequisite for installing the security update? Yes. For Windows Server 2012 R2 only, to apply this update, you must have KB2919355 installed. Are there additional steps that I need to take to be protected from this vulnerability? Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of the Latest Cumulative Update if you are getting updates from Windows Update and WSUS.:
For the following versions of Windows, the Windows Recovery Environment updates listed are available. These updates automatically apply the latest Safe OS Dynamic Update to WinRE from the running Windows OS:
As an alternative to updates provided in the preceding list or if your version of Windows is not listed in the list, you can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. You can then apply the WinRE update. See Add an update package to Windows RE. To automate your installation Microsoft has developed a sample script that can help with updating WinRE from the running Windows OS. Please see KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666 for more information. How do I check whether WinRE has successfully updated? Use DISM /Get-Packages on a mounted WinRE image to ensure latest Safe OS Dynamic Update package is present. For more information, see Check the WinRE image version. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to physically access the target device. To gain access, an attacker must acquire the device after being unlocked by a legitimate user (target of opportunity) or possess the ability to pass device authentication or password protection mechanisms. Are there additional steps that I need to take to be protected from this vulnerability? Yes. You must apply the applicable Windows security update to your Windows Recovery Environment (WinRE). For more information about how to apply the WinRE update, see Add an update package to Windows RE. IMPORTANT: End users and enterprises who are updating Windows devices which are already deployed in their environment can instead use the latest Windows Safe OS Dynamic Updates to update WinRE when the partition is too small to install the full Windows update. You can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43513 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43513 | Maxim Suhanov with CICADA8 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43515 MITRE NVD |
CVE Title: Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43515 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43515 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43518 MITRE NVD |
CVE Title: Windows Telephony Server Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability? An unauthorized attacker must wait for a user to initiate a connection. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by remotely managing another machine's Telephony server using the tapisnap.dll tool. This could result in a heap-based buffer out-of-bounds write due to malicious data returned by the Telephony server's RPC interface. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43518 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43518 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43519 MITRE NVD |
CVE Title: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable). Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43519 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43519 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43525 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43525 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43525 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43526 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43526 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43526 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43527 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43527 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43527 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43529 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user with low privileges would need to initiate an RPC call to the print spooler which runs as SYSTEM. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43529 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43529 | Florian Schweins |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43532 MITRE NVD |
CVE Title: Remote Registry Service Elevation of Privilege Vulnerability
Description: Unknown FAQ: How could an attacker exploit the vulnerability? To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43532 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43532 | Stiv Kupchik with Akamai |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43533 MITRE NVD |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43533 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Remote Desktop client for Windows Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43533 | Anonymous YingQi Shi (@Mas0n) with DBAPPSecurity WeBin Lab and Minghao Lin(@Y1nKoc) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43534 MITRE NVD |
CVE Title: Windows Graphics Component Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43534 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43534 | Polar Penguin |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43535 MITRE NVD |
CVE Title: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43535 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43535 | Jael Koh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43537 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43537 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43537 | Adam Hassan with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43538 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43538 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43538 | Adam Hassan with Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43540 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43540 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43540 | Adam Hassan with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43541 MITRE NVD |
CVE Title: Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43541 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43541 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43542 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43542 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43542 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43543 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43543 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43543 | Microsoft Offensive Research & Security Engineering with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43554 MITRE NVD |
CVE Title: Windows Kernel-Mode Driver Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43554 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43554 | Angelboy (@scwuaptx) with DEVCORE |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43573 MITRE NVD |
CVE Title: Windows MSHTML Platform Spoofing Vulnerability
Description: Unknown FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows except Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012. Why are IE Cumulative updates listed for Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Moderate | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | Not Found | N/A | Yes | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-43573 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Moderate | Spoofing | None | Base: 6.5 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43573 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43576 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43576 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43576 | Roy Lindholm |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43581 MITRE NVD |
CVE Title: Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires the victim to perform a specific file management operation to trigger the vulnerability. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43581 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43581 | Anonymous Tom Deseyn with Red Hat |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-6197 MITRE NVD |
CVE Title: Open Source Curl Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How does this vulnerability in curl affect Windows? While the upstream advisory applies to curl, the command line tool, and libcurl as embedded in all manner of software, Windows does not ship libcurl but only ships the curl command line. This vulnerability requires user interaction to select the server and to communicate with it. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-6197 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
CBL Mariner 2.0 ARM | curl (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown |
CBL Mariner 2.0 x64 | curl (CBL-Mariner) | Unknown | Unknown | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-6197 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43601 MITRE NVD |
CVE Title: Visual Studio Code for Linux Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43601 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43601 | InvisibleMeerkat with https://www.kalmarunionen.dk/ Martin.JM |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43604 MITRE NVD |
CVE Title: Outlook for Android Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Outlook open a malicious meeting or appointment invite from the attacker. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43604 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Outlook for Android | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43604 | Mateusz Tyl with STM Cyber Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43608 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43608 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43608 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43609 MITRE NVD |
CVE Title: Microsoft Office Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43609 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2016 (32-bit edition) | 5002635 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5002635 (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43609 | Arnold Osipov with Morphisec Michael Gorelik with Morphisec Metin Yunus Kandemir with unsafe-inline |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43607 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43607 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43607 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43612 MITRE NVD |
CVE Title: Power BI Report Server Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted file to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43612 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Power BI Report Server - May 2024 | XXXXXXX (Security Update) | Important | Spoofing | None | Base: 6.9 Temporal: 6.0 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43612 | mohamed usman dasthaheer |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43615 MITRE NVD |
CVE Title: Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have access to the location where the target file will be run. They would then need to plant a specific file that would be used as part of the exploitation. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability requires the victim to perform a specific file management operation to trigger the vulnerability. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43615 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43615 | wangzhibei |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43616 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43616 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43616 | Karan Bamal (abankalarm) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43500 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43500 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43500 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-7025 MITRE NVD |
CVE Title: Chromium: CVE-2024-7025 Integer overflow in Layout
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2024-10-03T22:14:30     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-7025 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2024-7025 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-20659 MITRE NVD |
CVE Title: Windows Hyper-V Security Feature Bypass Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine. What kind of security feature could be bypassed by successfully exploiting this vulnerability? This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-20659 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 7.1 Temporal: 6.6 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-20659 | Francisco Falcón and Iván Arce of Quarkslab Francisco Falcón and Iván Arce of Quarkslab Francisco Falcón and Iván Arce of Quarkslab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37976 MITRE NVD |
CVE Title: Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37976 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-37976 | Netanel Ben Simon with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37982 MITRE NVD |
CVE Title: Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37982 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-37982 | Netanel Ben Simon with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37979 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37979 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-37979 | Netanel Ben Simon with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-37983 MITRE NVD |
CVE Title: Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-37983 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-37983 | Netanel Ben Simon Meir Bloya Netanel Ben Simon and Meir Bloya |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38149 MITRE NVD |
CVE Title: BranchCache Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38149 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38149 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38029 MITRE NVD |
CVE Title: Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. How could an attacker exploit this vulnerability? An attacker could remotely load a malicious DLL onto a machine where the ssh-agent service is launched with the -Oallow-remote-pkcs11 option, which could lead to remote code execution. This vulnerability arises because the ssh-pkcs11-helper.exe is configured to allow remote DLL loading, which is not intended for arbitrary remote libraries but rather for pkcs providers already present on the remote machine. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38029 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38029 | DarkNavy |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38129 MITRE NVD |
CVE Title: Windows Kerberos Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38129 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38129 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38124 MITRE NVD |
CVE Title: Windows Netlogon Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain domain administrator privileges. According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? An authenticated attacker could exploit this vulnerability with LAN access. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would need to predict the name of a new domain controller and rename their computer to match it. They would then establish a secure channel and keep it active while renaming their computer back to its original name. Once the new domain controller is promoted, the attacker could use the secure channel to impersonate the domain controller and potentially compromise the entire domain. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38124 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38124 | Paul Miller with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38265 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38265 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38265 | Dan Reynolds with MSRC Vulnerabilities & Mitigations Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38262 MITRE NVD |
CVE Title: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38262 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38262 | Lewis Lee, Chunyang Han and Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43453 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43453 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43453 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-38212 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-38212 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-38212 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-30092 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
Description: Unknown FAQ: Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host? This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in a denial of service of the Hyper-V host (bugcheck) due to reading an unmapped address. It is possible to read from a memory mapped device register corresponding to a hardware device attached to the Hyper-V host which may trigger additional, hardware device specific side effects that could compromise the Hyper-V host's security. According to the CVSS metric, the Hyper-V attack vector is adjacent (AV:A). What does that mean for this vulnerability? Where the attack vector metric is Adjacent (A), this represents virtual machines connected via a Hyper-V Network Virtualization (HNV) logical network. This configuration forms an isolation boundary where the virtual machines within the virtual network can only communicate with each other. In this attack vector, the vulnerable component is bound to the network stack, but the attack is limited to systems configured to use the HNV network. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-30092 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-30092 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43456 MITRE NVD |
CVE Title: Windows Remote Desktop Services Tampering Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43456 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Tampering | None | Base: 4.8 Temporal: 4.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43456 | Philemon Orphee Favrod with Microsoft Josh Watson with Microsoft Ray Reskusich with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43483 MITRE NVD |
CVE Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43483 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET 6.0 installed on Linux | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Mac OS | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Windows | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Linux | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Mac OS | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Windows | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5044092 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems | 5044030 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems | 5044030 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5044028 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43483 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43484 MITRE NVD |
CVE Title: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43484 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET 6.0 installed on Linux | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Mac OS | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Windows | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Linux | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Mac OS | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Windows | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5044089 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5044090 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5044091 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems | 5044092 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems | 5044092 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5044033 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems | 5044030 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems | 5044030 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5044099 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5044028 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044098 (Monthly Rollup) 5044086 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044095 (Monthly Rollup) 5044085 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5044096 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5044097 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5044021 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43484 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43485 MITRE NVD |
CVE Title: .NET and Visual Studio Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43485 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET 6.0 installed on Linux | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Mac OS | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 6.0 installed on Windows | 5045998 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Linux | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Mac OS | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
.NET 8.0 installed on Windows | 5045993 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43485 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43497 MITRE NVD |
CVE Title: DeepSpeed Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43497 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
DeepSpeed | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8.4 Temporal: 7.3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43497 | cyfra07. Submitted to Huntr by ProtectAI |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43468 MITRE NVD |
CVE Title: Microsoft Configuration Manager Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. What actions do customers need to take to protect themselves from this vulnerability? Customers using a version of Configuration Manager specified in the Security Updates table of this CVE need to install an in-console update to be protected. Guidance for how to install Configuration Manager in-console updates is available here: Install in-console updates for Configuration Manager. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43468 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Configuration Manager 2303 | KB29166583 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Configuration Manager 2309 | KB29166583 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Configuration Manager 2403 | KB29166583 (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43468 | Mehdi Elyassa with Synacktiv |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43501 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43501 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43501 | Naceri with MSRC Vulnerabilities & Mitigations |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43509 MITRE NVD |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43509 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43509 | Cristi Dudescu Brent Mills |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43511 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43511 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43511 | Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43512 MITRE NVD |
CVE Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43512 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43512 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43514 MITRE NVD |
CVE Title: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43514 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43514 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43517 MITRE NVD |
CVE Title: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application. How could an attacker exploit this vulnerability? An attacker would need to set up a malicious server and create a proof-of-concept script. The victim would then need to be convinced, possibly through social engineering techniques, to run this script, which would connect to the malicious server and potentially allow for remote code execution on the victim’s machine. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43517 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43517 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43520 MITRE NVD |
CVE Title: Windows Kernel Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the privileges of the user. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43520 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43520 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43521 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43521 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43521 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43522 MITRE NVD |
CVE Title: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to have a deep understanding of the system and the ability to manipulate its components to trigger a specific condition. Successful exploitation is not guaranteed and depends on a combination of factors that may include the environment, system configuration, and the presence of additional security measures. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43522 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43522 | Wade Lin with MICROSOFT |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43523 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43523 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43523 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43524 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43524 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43524 | Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43528 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43528 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43528 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43536 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43536 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43536 | Zhihua Wen with CyberKunLun |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43544 MITRE NVD |
CVE Title: Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43544 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43544 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43545 MITRE NVD |
CVE Title: Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43545 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43545 | Azure Yang with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43546 MITRE NVD |
CVE Title: Windows Cryptographic Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of OAEP decrypt information. An attacker could read the contents of OAEP decrypt from a user mode process. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43546 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43546 | Samuel Lee |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43547 MITRE NVD |
CVE Title: Windows Kerberos Information Disclosure Vulnerability
Description: Unknown FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43547 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43547 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43549 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43549 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43549 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43550 MITRE NVD |
CVE Title: Windows Secure Channel Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability? Exploiting this vulnerability allows an attacker to view highly sensitive resource information (C:H) and results in a total loss of protection for that data (I:H), but does not provide the capability to impact resource availability. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43550 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43550 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43551 MITRE NVD |
CVE Title: Windows Storage Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43551 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43551 | Filip Dragović |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43552 MITRE NVD |
CVE Title: Windows Shell Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious input file and convince the user to open said input file. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43552 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43552 | CHEN QINGYANG with Topsec Alpha Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43553 MITRE NVD |
CVE Title: NT OS Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43553 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.4 Temporal: 6.4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43553 | Thomas Imbert with Synacktiv Anonymous Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43555 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43555 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43555 | Zhihua Wen with CyberKunLun Adam Hassan with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43556 MITRE NVD |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43556 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43556 | Marcin Wiazowski with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43557 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43557 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43557 | Adam Hassan with Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43558 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43558 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43558 | Adam Hassan with Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43559 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43559 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43559 | Adam Hassan with Microsoft Offensive Research & Security Engineering |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43560 MITRE NVD |
CVE Title: Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43560 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43560 | insu with Theori |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43561 MITRE NVD |
CVE Title: Windows Mobile Broadband Driver Denial of Service Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability? Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43561 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43561 | Adam Hassan with Microsoft Offensive Research & Security Engineering (MORSE) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43562 MITRE NVD |
CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43562 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43562 | Mahavir Surana with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43563 MITRE NVD |
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43563 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43563 | Sujeet Kumar with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43564 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43564 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43564 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43565 MITRE NVD |
CVE Title: Windows Network Address Translation (NAT) Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43565 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43565 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43567 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43567 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43567 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43570 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43570 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43570 | Jael Koh |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43571 MITRE NVD |
CVE Title: Sudo for Windows Spoofing Vulnerability
Description: Unknown FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability? An authenticated attacker must launch a specially crafted malicious application and wait for the victim to perform a command in a console window for the vulnerability to be exploited. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43571 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Spoofing | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Spoofing | None | Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43571 | Michael Torres |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43572 MITRE NVD |
CVE Title: Microsoft Management Console Remote Code Execution Vulnerability
Description: Unknown FAQ: What does the security update provide to mitigate the risks associated with this vulnerability? The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | Not Found | N/A | Yes | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2024-43572 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43572 | Andres and Shady |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43574 MITRE NVD |
CVE Title: Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact the availability of the victim's system. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? This vulnerability could lead to a browser sandbox escape. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43574 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.3 Temporal: 7.2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43574 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43575 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43575 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43575 | k0shl with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43582 MITRE NVD |
CVE Title: Remote Desktop Protocol Server Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an unauthenticated attacker would need to send malformed packets to a RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43582 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43582 | VictorV(Tang tianwen) with Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43584 MITRE NVD |
CVE Title: Windows Scripting Engine Security Feature Bypass Vulnerability
Description: Unknown FAQ: here is the question here is the answer What kind of security feature could be bypassed by successfully exploiting this vulnerability? The Anti-Malware Scanning Interface implementation in the newer jscript9legacy.dll is not enabled when running in cscript/wscript leading to a bypass. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43584 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43584 | Marius Negrutiu with AVIRA Garrett Moore with CrowdStrike |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43585 MITRE NVD |
CVE Title: Code Integrity Guard Security Feature Bypass Vulnerability
Description: Unknown FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could trick Windows Code Integrity Guard (CIG) into trusting the file the attacker altered to contain arbitrary content bypassing CIG integrity checks. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability? An authenticated attacker could replace valid file content with specially crafted file content. Mitigations: Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43585 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43585 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43589 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43589 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 8.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43589 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43590 MITRE NVD |
CVE Title: Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43590 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Visual C++ Redistributable Installer | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43590 | Sandro Poppi |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43591 MITRE NVD |
CVE Title: Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker to be assigned the role of “Security Admin” or “Contributor”. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? The vulnerability enables an attacker to run specific Azure CLI commands to perform service management operations or deploy other Azure resources in the victim's subscription. How could an attacker exploit the vulnerability? An attacker assigned the role of "Security Admin" or "Contributor" in the target environment could run specific Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud. An attacker could use this vulnerability to deploy or manage Defender for Cloud resources they are not permitted to access. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43591 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Azure CLI | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C |
No |
Azure Service Connector | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 8.7 Temporal: 7.6 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43591 | Peng Zhou (zpbrent) with Shanghai University |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43592 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could gain remote code execution (RCE) on the victim's machine. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker, which could then allow the server to execute a command on the user's machine without their consent. This scenario assumes that the user has the ability to remote into the server and that the server has been compromised to execute such commands upon connection. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43592 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43592 | Nirmala Nawale with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43593 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43593 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43593 | Nirmala Nawale with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43599 MITRE NVD |
CVE Title: Remote Desktop Client Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43599 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43599 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43603 MITRE NVD |
CVE Title: Visual Studio Collector Service Denial of Service Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43603 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2015 Update 3 | 5045536 (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.11 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Denial of Service | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2024-43603 | Naor Hodorov |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43583 MITRE NVD |
CVE Title: Winlogon Elevation of Privilege Vulnerability
Description: Unknown FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Are there any further actions I need to take to be protected from this vulnerability? Yes. To address this vulnerability, ensure that a Microsoft first-party IME is enabled on your device. By doing so, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process. For further information on how to enable a Microsoft first-party IME on your device, see KB5046254: Vulnerability when using a third-party Input Method Editor at the Microsoft Windows sign in screen. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Not Found | N/A | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43583 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5044286 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for 32-bit Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for ARM64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 22H2 for x64-based Systems | 5044273 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for ARM64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 version 21H2 for x64-based Systems | 5044280 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 22H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for ARM64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 23H2 for x64-based Systems | 5044285 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for ARM64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 Version 24H2 for x64-based Systems | 5044284 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43583 | pwnull wh1tc & Zhiniang Peng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43614 MITRE NVD |
CVE Title: Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
Description: Unknown FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43614 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Defender for Endpoint for Linux | Release Notes (Security Update) | Important | Spoofing | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2024-43614 | Zero Wan with QRT Zero Wan with QRT |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-9369 MITRE NVD |
CVE Title: Chromium: CVE-2024-9369 Insufficient data validation in Mojo
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2024-10-03T22:14:35     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-9369 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2024-9369 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||
CVE-2024-9370 MITRE NVD |
CVE Title: Chromium: CVE-2024-9370 Inappropriate implementation in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    2024-10-03T22:14:37     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | N/A | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2024-9370 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2024-9370 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43611 MITRE NVD |
CVE Title: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Description: Unknown FAQ: How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could gain remote code execution (RCE) on the victim's machine. How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43611 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5044320 (Monthly Rollup) 5044306 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5044356 (Monthly Rollup) 5044321 (Security Only) |
Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5044342 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5044343 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5044293 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5044277 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5044281 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022, 23H2 Edition (Server Core installation) | 5044288 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2024-43611 | Nirmala Nawale with Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2024-43488 MITRE NVD |
CVE Title: Visual Studio Code extension for Arduino Remote Code Execution Vulnerability
Description: Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Where do I find the update for Visual Studio Code extension for Arduino? Microsoft is not planning on fixing this vulnerability in Visual Studio Code extension for Arduino as the extension has been deprecated. The deprecation was announced here: Arduino (deprecated). Microsoft recommends that customers use Arduino IDE software. Mitigations: None Workarounds: None Revision: 1.0    2024-10-08T07:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Not Found | N/A | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2024-43488 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Visual Studio Code | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2024-43488 | None |