April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

Microsoft releases 147 fixes this month including 3 Critical Threats.

We also have 142 Important severities fixed covering Microsoft Windows, Windows Components, Office, Azure, .NET Framework, Visual Studio, SQL Server, & Windows Secure Boot making this the largest release of updates in over 5 years.

Robert Brown, Head of Customer Success for Syxsense said, “We go from the smallest Patch Tuesday in March to the largest Patch Tuesday of all time in April.  You must prioritise what you are vulnerable for, as some of these Threats carry the Jump Point threat.  If you count all the individual CVSS scores together, April has a combined CVSS score of 1105.4 where the average CVSS score was 7.6.  This is a massive rollout for any IT Manager and we recommend deploying based on your Patch Risk Profile in order to reduce the burden on your network which may be caused if you deploy everything at once.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below.  As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

 

CVE-2024-29988 – SmartScreen Prompt Security Feature Bypass Vulnerability

To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope / Jump Point: Unchanged / No

CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability

To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.  Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2024-26158 – Microsoft Install Service Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note:  The vulnerability has Exploitation More Likely

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unhanged / No
Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Additional Details Impact Exploitability Assessment
CVE-2024-29988 SmartScreen Prompt Security Feature Bypass Vulnerability Important 8.8 No No To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown. Remote Code Execution Exploitation More Likely
CVE-2024-20678 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No To exploit this vulnerability, an authenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.

 Remote Code Execution Exploitation Less Likely
CVE-2024-26158 Microsoft Install Service Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation More Likely
CVE-2024-29990 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Important 9.0 No No Scope = Changed, Jump Point = True Elevation of Privilege Exploitation Less Likely
CVE-2024-21323 Microsoft Defender for IoT Remote Code Execution Vulnerability Critical 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29053 Microsoft Defender for IoT Remote Code Execution Vulnerability Critical 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-21322 Microsoft Defender for IoT Remote Code Execution Vulnerability Critical 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26179 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26200 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26205 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26210 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26214 Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26244 Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28906 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28908 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28909 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28910 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28911 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28912 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28913 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28914 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28915 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28926 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28927 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28929 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28930 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28931 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28932 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28933 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28934 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28935 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28936 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28937 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28938 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28939 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28940 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28941 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28942 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28943 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28944 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28945 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29043 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29044 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29046 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29047 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29048 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29982 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29983 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29984 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29985 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29050 Windows Cryptographic Services Remote Code Execution Vulnerability Important 8.4 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29989 Azure Monitor Agent Elevation of Privilege Vulnerability Important 8.4 No No Scope = Changed, Jump Point = True Elevation of Privilege Exploitation Less Likely
CVE-2024-26180 Secure Boot Security Feature Bypass Vulnerability Important 8.0 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26189 Secure Boot Security Feature Bypass Vulnerability Important 8.0 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26240 Secure Boot Security Feature Bypass Vulnerability Important 8.0 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-28925 Secure Boot Security Feature Bypass Vulnerability Important 8.0 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-29992 Azure Identity Library for .NET Information Disclosure Vulnerability Moderate 8.0 No No Information Disclosure Exploitation Less Likely
CVE-2024-26211 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-26218 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-26230 Windows Telephony Server Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-26239 Windows Telephony Server Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-26241 Win32k Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation More Likely
CVE-2024-26256 libarchive Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation More Likely
CVE-2024-20693 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-21447 Windows Authentication Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26175 Secure Boot Security Feature Bypass Vulnerability Important 7.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26228 Windows Cryptographic Services Security Feature Bypass Vulnerability Important 7.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26229 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26235 Windows Update Stack Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26237 Windows Defender Credential Guard Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26245 Windows SMB Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26257 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28904 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No Scope = Changed, Jump Point = True Elevation of Privilege Exploitation Less Likely
CVE-2024-28905 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No Scope = Changed, Jump Point = True Elevation of Privilege Exploitation Less Likely
CVE-2024-28907 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.8 No No Scope = Changed, Jump Point = True Elevation of Privilege Exploitation Less Likely
CVE-2024-28920 Secure Boot Security Feature Bypass Vulnerability Important 7.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-29052 Windows Storage Elevation of Privilege Vulnerability Important 7.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-29061 Secure Boot Security Feature Bypass Vulnerability Important 7.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26212 DHCP Server Service Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation More Likely
CVE-2024-26215 DHCP Server Service Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-26219 HTTP.sys Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-26248 Windows Kerberos Elevation of Privilege Vulnerability Important 7.5 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26254 Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2024-28896 Secure Boot Security Feature Bypass Vulnerability Important 7.5 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-29045 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability Important 7.5 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26194 Secure Boot Security Feature Bypass Vulnerability Important 7.4 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-21409 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Important 7.3 No No An authenticated attacker who successfully exploited a vulnerability in WordPad when closing a maliciously crafted .docx file could trigger execution of malicious code. Remote Code Execution Exploitation Less Likely
CVE-2024-26216 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Important 7.3 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26232 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Important 7.3 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29063 Azure AI Search Information Disclosure Vulnerability Important 7.3 No No Information Disclosure Exploitation Less Likely
CVE-2024-21324 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.2 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26195 DHCP Server Service Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26202 DHCP Server Service Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26208 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26221 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26222 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26223 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26224 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26227 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26231 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26233 Windows DNS Server Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-29054 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.2 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-29055 Microsoft Defender for IoT Elevation of Privilege Vulnerability Important 7.2 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-29066 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2024-20688 Secure Boot Security Feature Bypass Vulnerability Important 7.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20689 Secure Boot Security Feature Bypass Vulnerability Important 7.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-29062 Secure Boot Security Feature Bypass Vulnerability Important 7.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26213 Microsoft Brokering File System Elevation of Privilege Vulnerability Important 7.0 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26236 Windows Update Stack Elevation of Privilege Vulnerability Important 7.0 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26242 Windows Telephony Server Elevation of Privilege Vulnerability Important 7.0 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26243 Windows USB Print Driver Elevation of Privilege Vulnerability Important 7.0 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26168 Secure Boot Security Feature Bypass Vulnerability Important 6.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability Important 6.8 No No Spoofing Exploitation Less Likely
CVE-2024-26252 Windows rndismp6.sys Remote Code Execution Vulnerability Important 6.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-26253 Windows rndismp6.sys Remote Code Execution Vulnerability Important 6.8 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28897 Secure Boot Security Feature Bypass Vulnerability Important 6.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26234 Proxy Driver Spoofing Vulnerability Important 6.7 No No Spoofing Exploitation More Likely
CVE-2024-28903 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No An attacker who successfully exploited this vulnerability could bypass Secure Boot. Security Feature Bypass Exploitation More Likely
CVE-2024-28921 Secure Boot Security Feature Bypass Vulnerability Important 6.7 Yes No An attacker who successfully exploited this vulnerability could bypass Secure Boot. Security Feature Bypass Exploitation More Likely
CVE-2024-20669 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26171 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-26250 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-28919 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-28924 Secure Boot Security Feature Bypass Vulnerability Important 6.7 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-21424 Azure Compute Gallery Elevation of Privilege Vulnerability Important 6.5 No No Elevation of Privilege Exploitation Less Likely
CVE-2024-26183 Windows Kerberos Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2024-26226 Windows Distributed File System (DFS) Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-26193 Azure Migrate Remote Code Execution Vulnerability Important 6.4 No No Remote Code Execution Exploitation Less Likely
CVE-2024-28923 Secure Boot Security Feature Bypass Vulnerability Important 6.4 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-28898 Secure Boot Security Feature Bypass Vulnerability Important 6.3 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-29064 Windows Hyper-V Denial of Service Vulnerability Important 6.2 No No Denial of Service Exploitation Less Likely
CVE-2024-28917 Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability Important 6.2 No No Scope = Changed, Jump Point = True Elevation of Privilege N/A
CVE-2024-20665 BitLocker Security Feature Bypass Vulnerability Important 6.1 No No An attacker who successfully exploited this vulnerability could bypass Secure Boot. Security Feature Bypass Exploitation Less Likely
CVE-2024-20685 Azure Private 5G Core Denial of Service Vulnerability Moderate 5.9 No No Denial of Service Exploitation Less Likely
CVE-2024-26209 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation More Likely
CVE-2024-26172 Windows DWM Core Library Information Disclosure  Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-26207 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-26217 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-26255 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-28900 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-28901 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-28902 Windows Remote Access Connection Manager Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2024-26220 Windows Mobile Hotspot Information Disclosure Vulnerability Important 5.0 No No Information Disclosure Exploitation Less Likely
CVE-2024-29056 Windows Authentication Elevation of Privilege Vulnerability Important 4.3 No No Elevation of Privilege Exploitation More Likely
CVE-2024-28922 Secure Boot Security Feature Bypass Vulnerability Important 4.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2024-20670 Outlook for Windows Spoofing Vulnerability Important TBA No No Spoofing Exploitation Less Likely
CVE-2024-29993 Azure CycleCloud Elevation of Privilege Vulnerability Important TBA No No Elevation of Privilege Exploitation Less Likely

Related Posts

Automated Vulnerability Management: Outpacing Attackers with Efficiency

Automated Vulnerability Management: Outpacing Attackers with Efficiency

April 25, 2024
A Cyber Essential: Vulnerability Scanner as an Essential Line of Defense

A Cyber Essential: Vulnerability Scanner as an Essential Line of Defense

April 23, 2024
If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

April 20, 2024
Previewing RSA Conference 2024: Top Security Themes

Previewing RSA Conference 2024: Top Security Themes

April 15, 2024