October 2024 Microsoft Patch Tuesday: Addressing 115 Vulnerabilities Including 2 Weaponised Threats
Welcome to the October 2024 Microsoft Patch Tuesday Update
This month, Microsoft has delivered a substantial update addressing 115 vulnerabilities. Notably, several of these vulnerabilities have been weaponized and are publicly known, with some carrying a critical CVSS score of 9.8. The update includes 3 critical patches and 108 important fixes, with the remainder rated moderate or low, covering products such as Windows, Windows Components, Hyper-V, RDP, Office, Visual Studio, SQL Server and .NET.
Robert Brown, Head of Customer Success at Syxsense, underscores the need for strategic prioritization in vulnerability management. He draws attention to the presence of threats that could potentially serve as Jump Points, urging organizations to maintain heightened vigilance. With a combined CVSS score of 849.4 and an average score of 7.4, the critical nature of these vulnerabilities demands focused and careful remediation efforts.
Based on Vendor Severity and CVSS Scores, we recommend integrating the provided CVE numbers into your Patch Management solution. Once thorough testing is complete, deployment should proceed without delay.
1. CVE-2024-43572 – Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-43572 is a vulnerability in the Microsoft Management Console (MMC) that can lead to Remote Code Execution (RCE). While it is categorized as a moderate severity issue, the vulnerability has been weaponized, meaning attackers have already developed exploits for it. Public awareness of the vulnerability also increases its potential for being targeted in attacks.
Syxscore:
- Vendor Severity: Moderate
- CVSS: 7.8 (High severity but not Critical).
- Weaponized: Yes (exploit tools or methods are already in circulation).
- Public Awareness: Yes (the vulnerability is publicly known, raising its risk).
- Countermeasure: No (there is currently no available patch or built-in mitigation).
Risk Factors:
- Attack Vector: Local (the attacker requires local access to the target system).
- Attack Complexity: Low (the vulnerability is easy to exploit, requiring minimal effort).
- Privileges Required: None (the attacker does not need administrative rights).
- User Interaction: Required (the exploit needs the victim to perform an action, such as opening a malicious file).
- Scope / Jump Point: Unchanged / No (the exploit does not allow attackers to move laterally across systems).
2. CVE-2024-43573 – Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43573 is a vulnerability in the MSHTML platform, which is still supported despite the retirement of Internet Explorer 11 and the deprecation of Microsoft Edge Legacy. This vulnerability allows an attacker to spoof content and potentially manipulate how the platform is perceived by users. The MSHTML platform is still in use through Internet Explorer mode in Microsoft Edge and through the WebBrowser control in other applications. This makes it a lingering issue for systems relying on legacy web rendering and scripting engines.
Spoofing flaws in the MSHTML platform can support phishing or man-in-the-middle attacks, in which users interact with malicious content that appears legitimate. Updates for the MSHTML platform and its scripting engine are delivered through IE Cumulative Updates, ensuring that even legacy systems can stay protected if they apply the proper patches.
Syxscore:
- Vendor Severity: Moderate
- CVSS: 6.5 (Moderate severity, likely due to the nature of spoofing attacks rather than more direct code execution).
- Weaponized: Yes (exploits have been developed).
- Public Awareness: Yes (known publicly, increasing the risk of exploitation).
- Countermeasure: No (no specific patch or immediate mitigation beyond updates).
Risk Factors:
- Attack Vector: Network (exploitable over a network connection, often through a malicious website or web application).
- Attack Complexity: Low (the vulnerability is easy to exploit).
- Privileges Required: None (no administrative privileges are required).
- User Interaction: Required (the user must interact with the malicious content, such as visiting a spoofed site).
- Scope / Jump Point: Unchanged / No (the exploit does not lead to lateral movement or system access beyond the targeted user session).
3. CVE-2024-43583 – Winlogon Elevation of Privilege Vulnerability
CVE-2024-43583 is an Elevation of Privilege (EoP) vulnerability in Winlogon, a critical component of the Windows operating system responsible for handling user login and session functionality. Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM-level privileges, enabling them to perform high-impact actions on the affected system, including installing programs, viewing or modifying data, or creating new accounts with full user rights.
The vulnerability can be exploited locally, allowing an attacker with low privileges to elevate their access to SYSTEM — the highest level of privilege in Windows. With SYSTEM-level access, attackers can take full control of the system, potentially leading to serious security breaches. The CVSS score of 7.8 reflects the significant risk posed by this vulnerability, even though no weaponized exploit has been detected yet.
Syxscore:
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: No
- Public Awareness: Yes
- Countermeasure: No
Risk Factors:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Unchanged / No
4. CVE-2024-20659 – Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2024-20659 is a security feature bypass vulnerability in Windows Hyper-V, specifically related to Unified Extensible Firmware Interface (UEFI) on certain hardware configurations. This vulnerability could allow an attacker to bypass the security features of the UEFI environment, which may lead to the compromise of both the hypervisor and the secure kernel. Hyper-V, being a key virtualization technology, could leave virtual machines vulnerable to attack if the hypervisor is compromised.
This vulnerability could potentially allow an attacker to bypass the UEFI protection on specific hardware, leading to a full compromise of the Hyper-V environment. This means that virtual machines running on affected systems could be at risk, especially if the hypervisor and secure kernel are compromised. However, the high attack complexity reduces the likelihood of this vulnerability being easily exploited in practice.
Syxscore:
- Vendor Severity: Important
- CVSS: 7.1
- Weaponised: No
- Public Awareness: Yes
- Countermeasure: No
Risk Factors:
- Attack Vector: Adjacent
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Unchanged / No
5. CVE-2024-43468 – Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2024-43468 is a Remote Code Execution (RCE) vulnerability in Microsoft Configuration Manager, which could allow an attacker to execute arbitrary code on a vulnerable system. By default, the Management Point in Microsoft Configuration Manager uses its Computer account as the connection account; the recommended countermeasure is to configure an alternate service account instead. Doing so can prevent exploitation of this critical vulnerability and improve overall security posture.
If exploited, this vulnerability could enable an attacker to execute code remotely over a network, potentially compromising systems managed by Microsoft Configuration Manager. With a CVSS score of 9.8, this vulnerability is highly critical due to its network-based attack vector and the absence of required privileges or user interaction. However, weaponization has not been observed, and countermeasures are available, which can mitigate the threat.
Syxscore:
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Awareness: No
- Countermeasure: Yes
Risk Factors:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
| Reference | Description | Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Additional Details | Impact | Exploitability Assessment |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | Moderate | 7.8 | Yes | Yes | No | | Remote Code Execution | Exploitation Detected |
| CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | Moderate | 6.5 | Yes | Yes | No | | Spoofing | Exploitation Detected |
| CVE-2024-43583 | Winlogon Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-20659 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 7.1 | No | Yes | No | This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Configure an alternate service account as the Management point connection account. The Management point uses its Computer account by default as the Management point connection account. To enhance your security posture, we recommend specifying an alternate service account instead of the Computer account. More information can be found here: Accounts used – Configuration Manager \| Microsoft Learn. | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38124 | Windows Netlogon Elevation of Privilege Vulnerability | Important | 9.0 | No | No | Predictable Naming Conventions: Avoid using predictable naming conventions for domain controllers to prevent attackers from renaming their machines to match the next name to be assigned to a new domain controller. Secure Channel Validation: Ensure that the secure channel is validated against more than just the computer name of the machine it was delivered to. This can help prevent attackers from impersonating the domain controller by obtaining the handle and waiting for the appointment to happen. Monitor for Renaming Activities: Implement monitoring for any suspicious renaming activities of computers within the network. This can help with early detection and prevention of potential attacks. Enhanced Authentication Mechanisms: Consider using enhanced authentication mechanisms that go beyond the current validation methods to ensure the authenticity of the domain controller and the secure channel. | Scope = Changed, Jump Point = True. An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43488 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Scope = Changed, Jump Point = True. Successful exploitation of this vulnerability could allow an attacker to perform operations in the victim’s hybrid cloud environment with the same privileges as the compromised managed identity. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38212 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38265 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43453 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43517 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43518 | Windows Telephony Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | An attacker could exploit the vulnerability by remotely managing another machine’s Telephony server using the tapisnap.dll tool. This could result in a heap-based buffer out-of-bounds write due to malicious data returned by the Telephony server’s RPC interface. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43519 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43532 | Remote Registry Service Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43533 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43549 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43564 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43589 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43592 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43593 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43599 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43607 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43608 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43611 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain remote code execution (RCE) on the victim’s machine. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | Important | 8.7 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability enables an attacker to run specific Azure CLI commands to perform service management operations or deploy other Azure resources in the victim’s subscription. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43497 | DeepSpeed Remote Code Execution Vulnerability | Low | 8.4 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43574 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Important | 8.3 | No | No | No | Scope = Changed, Jump Point = True. This vulnerability could lead to a browser sandbox escape. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38229 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-30092 | Windows Hyper-V Remote Code Execution Vulnerability | Important | 8.0 | No | No | No | Scope = Changed, Jump Point = True | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38261 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43501 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43503 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43504 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43509 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-43514 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43516 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43527 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43528 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43551 | Windows Storage Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43556 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-43560 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-43563 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43576 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43590 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\LOCAL SERVICE” account. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43616 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43584 | Windows Scripting Engine Security Feature Bypass Vulnerability | Important | 7.7 | No | No | No | The Anti-Malware Scanning Interface implementation in the newer jscript9legacy.dll is not enabled when running in cscript/wscript leading to a bypass. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-38029 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | An attacker could remotely load a malicious DLL onto a machine where the ssh-agent service is launched with the -Oallow-remote-pkcs11 option, which could lead to remote code execution. This vulnerability arises because the ssh-pkcs11-helper.exe is configured to allow remote DLL loading, which is not intended for arbitrary remote libraries but rather for pkcs providers already present on the remote machine. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.5 | No | No | No | An attacker who successfully exploited this vulnerability could gain domain administrator privileges | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-38149 | BranchCache Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-38262 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43483 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43484 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43485 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43506 | BranchCache Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43515 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43521 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43541 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43544 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43545 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43562 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43565 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43567 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43575 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43550 | Windows Secure Channel Spoofing Vulnerability | Important | 7.4 | No | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2024-43553 | NT OS Kernel Elevation of Privilege Vulnerability | Important | 7.4 | No | No | No | An attacker who successfully exploited this vulnerability could gain Kernel Memory Access. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43529 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.3 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43552 | Windows Shell Remote Code Execution Vulnerability | Important | 7.3 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43502 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2024-43581 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-43601 | Visual Studio Code for Linux Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43615 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | | Remote Code Execution | Exploitation More Likely |
| CVE-2024-43511 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43522 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43535 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43612 | Power BI Report Server Spoofing Vulnerability | Important | 6.9 | No | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2024-43523 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43524 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43525 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43526 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43536 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | An attacker needs physical access to the target computer to plug in a malicious USB drive. | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-43543 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2024-37976 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37979 | Windows Kernel Elevation of Privilege Vulnerability | Important | 6.7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-37982 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-37983 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | Important | 6.7 | No | No | No | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-43481 | Power BI Report Server Spoofing Vulnerability | Important | 6.5 | No | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2024-43512 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43534 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43537 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43538 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43540 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43542 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43547 | Windows Kerberos Information Disclosure Vulnerability | Important | 6.5 | No | No | No | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43555 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43557 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43558 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43559 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43561 | Windows Mobile Broadband Driver Denial of Service Vulnerability | Important | 6.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43609 | Microsoft Office Spoofing Vulnerability | Important | 6.5 | No | No | No | | Spoofing | Exploitation More Likely |
| CVE-2024-43513 | BitLocker Security Feature Bypass Vulnerability | Important | 6.4 | No | No | No | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-43570 | Windows Kernel Elevation of Privilege Vulnerability | Important | 6.4 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43604 | Outlook for Android Elevation of Privilege Vulnerability | Important | 5.7 | No | No | No | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2024-43546 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.6 | No | No | No | Scope = Changed, Jump Point = True. An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43571 | Sudo for Windows Spoofing Vulnerability | Important | 5.6 | No | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2024-43500 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43508 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43554 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | The vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2024-43585 | Code Integrity Guard Security Feature Bypass Vulnerability | Important | 5.5 | No | No | An attacker must have existing access to the target file prior to exploitation. | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2024-43603 | Visual Studio Collector Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43614 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | Important | 5.5 | No | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2024-43520 | Windows Kernel Denial of Service Vulnerability | Moderate | 5.0 | No | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2024-43456 | Windows Remote Desktop Services Tampering Vulnerability | Important | 4.8 | No | No | No | | Tampering | Exploitation Less Likely |
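The "Monitor for Renaming Activities" countermeasure listed for CVE-2024-38124 in the table can be expressed as a detection rule over Windows Security event 4781 (account name changed). The following is an added example, not code from Syxsense or Microsoft. It assumes events have been exported to dictionaries carrying the event's `OldTargetUserName` and `NewTargetUserName` fields, that a domain controller inventory is available, and that controllers follow a hypothetical `<site>-DC<number>` naming convention.

```python
import re

# Assumption: domain controllers are named <site>-DC<number>, e.g. CORP-DC02.
# Adjust the pattern to the convention actually used in your forest.
DC_NAME = re.compile(r"^(?P<prefix>[A-Z0-9-]*DC)(?P<num>\d+)$")


def normalise(sam_name):
    """Strip the trailing '$' of a computer account and upper-case the name."""
    return sam_name.rstrip("$").upper()


def next_dc_names(known_dcs):
    """Return the name(s) the next new DC would receive, one per prefix."""
    highest = {}  # prefix -> (highest number seen, zero-padded width)
    for name in known_dcs:
        m = DC_NAME.match(normalise(name))
        if not m:
            continue
        num, width = int(m["num"]), len(m["num"])
        if m["prefix"] not in highest or num > highest[m["prefix"]][0]:
            highest[m["prefix"]] = (num, width)
    return {f"{p}{n + 1:0{w}d}" for p, (n, w) in highest.items()}


def find_suspicious_renames(events, known_dcs):
    """Flag computer-account renames whose new name looks like a DC name.

    severity "high":   new name is the next name a new DC would be given
    severity "medium": new name matches the DC convention in any other way
    """
    expected_next = next_dc_names(known_dcs)
    findings = []
    for ev in events:
        if ev.get("EventID") != 4781:  # 4781 = the name of an account was changed
            continue
        old_raw = ev.get("OldTargetUserName", "")
        new_raw = ev.get("NewTargetUserName", "")
        # Computer accounts end in '$'; ignore user and group renames.
        if not (old_raw.endswith("$") or new_raw.endswith("$")):
            continue
        new = normalise(new_raw)
        if not DC_NAME.match(new):
            continue
        findings.append({
            "time": ev.get("TimeCreated"),
            "old": normalise(old_raw),
            "new": new,
            "actor": ev.get("SubjectUserName"),
            "severity": "high" if new in expected_next else "medium",
        })
    return findings


# Constructed inventory and constructed sample events (not real log data).
KNOWN_DCS = {"CORP-DC01", "CORP-DC02"}
SAMPLE_EVENTS = [
    {"EventID": 4781, "TimeCreated": "2024-10-09T02:14:07Z",
     "OldTargetUserName": "WKSTN-114$", "NewTargetUserName": "CORP-DC03$",
     "SubjectUserName": "jdoe"},
    {"EventID": 4781, "TimeCreated": "2024-10-09T08:30:00Z",
     "OldTargetUserName": "LAPTOP-7$", "NewTargetUserName": "LAPTOP-8$",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 4781, "TimeCreated": "2024-10-09T09:01:12Z",
     "OldTargetUserName": "alice", "NewTargetUserName": "alice.b",
     "SubjectUserName": "hradmin"},
    {"EventID": 4781, "TimeCreated": "2024-10-09T11:45:33Z",
     "OldTargetUserName": "WKSTN-200$", "NewTargetUserName": "CORP-DC09$",
     "SubjectUserName": "svc-build"},
    {"EventID": 4624, "TimeCreated": "2024-10-09T11:46:00Z",
     "TargetUserName": "jdoe"},
]

if __name__ == "__main__":
    for f in find_suspicious_renames(SAMPLE_EVENTS, KNOWN_DCS):
        print(f"[{f['severity']}] {f['time']} {f['old']} -> {f['new']} by {f['actor']}")
```

Review a "high" finding against change records for a planned domain controller promotion before treating it as benign.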
Do you need help keeping up with patches? Syxsense’s automated patch management capabilities help enterprises patch faster and more accurately. Schedule a consultation with us to learn how we can help you.