Report Name: Microsoft Patch Tuesday, April 2024Generated: 2024-04-10 13:04:14
| Product Name | Prevalence | U | C | H | M | L | A | Comment |
|---|---|---|---|---|---|---|---|---|
| Windows SMB | 1 | 1 | 1 | Windows component | ||||
| Intel(R) Processor | 0.9 | 1 | 1 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings | ||||
| Windows DNS Server | 0.9 | 7 | 7 | Windows component | ||||
| Windows Kernel | 0.9 | 2 | 2 | Windows Kernel | ||||
| Windows Win32k | 0.9 | 1 | 1 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | ||||
| .NET Framework | 0.8 | 1 | 1 | .NET Framework | ||||
| BitLocker | 0.8 | 1 | 1 | A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista | ||||
| Chromium | 0.8 | 5 | 10 | 15 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |||
| Microsoft Defender for IoT | 0.8 | 6 | 6 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | ||||
| Microsoft Edge | 0.8 | 3 | 2 | 5 | Web browser | |||
| Outlook for Windows | 0.8 | 1 | 1 | Windows component | ||||
| RPC | 0.8 | 1 | 1 | Remote Procedure Call Runtime | ||||
| Secure Boot | 0.8 | 24 | 24 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | ||||
| Windows Authentication | 0.8 | 2 | 2 | Windows component | ||||
| Windows CSC Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Cryptographic Services | 0.8 | 2 | 2 | Windows component | ||||
| Windows DWM Core Library | 0.8 | 1 | 1 | Windows component | ||||
| Windows Defender Credential Guard | 0.8 | 1 | 1 | Windows component | ||||
| Windows Distributed File System (DFS) | 0.8 | 2 | 2 | Windows component | ||||
| Windows File Server Resource Management Service | 0.8 | 1 | 1 | Windows component | ||||
| Windows Kerberos | 0.8 | 2 | 2 | Windows component | ||||
| Windows Mobile Hotspot | 0.8 | 1 | 1 | Windows component | ||||
| Windows Remote Access Connection Manager | 0.8 | 7 | 7 | Windows component | ||||
| Windows Routing and Remote Access Service (RRAS) | 0.8 | 3 | 3 | Windows component | ||||
| Windows Storage | 0.8 | 1 | 1 | Windows component | ||||
| Windows Telephony Server | 0.8 | 3 | 3 | Windows component | ||||
| Windows USB Print Driver | 0.8 | 1 | 1 | Windows component | ||||
| Windows Update Stack | 0.8 | 2 | 2 | Windows component | ||||
| Windows rndismp6.sys | 0.8 | 2 | 2 | Windows component | ||||
| Microsoft Excel | 0.6 | 1 | 1 | MS Office product | ||||
| Windows Hyper-V | 0.6 | 1 | 1 | Hardware virtualization component of the client editions of Windows NT | ||||
| .NET, .NET Framework, and Visual Studio | 0.5 | 1 | 1 | .NET, .NET Framework, and Visual Studio | ||||
| Azure AI Search | 0.5 | 1 | 1 | Azure AI Search | ||||
| Azure Arc-enabled Kubernetes Extension Cluster-Scope | 0.5 | 1 | 1 | Azure Arc-enabled Kubernetes Extension Cluster-Scope | ||||
| Azure Compute Gallery | 0.5 | 1 | 1 | Azure Compute Gallery | ||||
| Azure CycleCloud | 0.5 | 1 | 1 | Azure CycleCloud | ||||
| Azure Identity Library for .NET | 0.5 | 1 | 1 | Azure Identity Library for .NET | ||||
| Azure Migrate | 0.5 | 1 | 1 | Azure Migrate | ||||
| Azure Monitor Agent | 0.5 | 1 | 1 | Azure Monitor Agent | ||||
| Azure Private 5G Core | 0.5 | 1 | 1 | Azure Private 5G Core | ||||
| DHCP Server Service | 0.5 | 4 | 4 | DHCP Server Service | ||||
| HTTP.sys | 0.5 | 1 | 1 | HTTP.sys | ||||
| Libarchive | 0.5 | 1 | 1 | Multi-format archive and compression library | ||||
| Microsoft Azure Kubernetes Service Confidential Container | 0.5 | 1 | 1 | Microsoft Azure Kubernetes Service Confidential Container | ||||
| Microsoft Brokering File System | 0.5 | 4 | 4 | Microsoft Brokering File System | ||||
| Microsoft Edge (Chromium-based) Webview2 | 0.5 | 1 | 1 | Microsoft Edge (Chromium-based) Webview2 | ||||
| Microsoft Install Service | 0.5 | 1 | 1 | Microsoft Install Service | ||||
| Microsoft Local Security Authority Subsystem Service | 0.5 | 1 | 1 | Microsoft Local Security Authority Subsystem Service | ||||
| Microsoft Message Queuing (MSMQ) | 0.5 | 2 | 2 | Microsoft Message Queuing (MSMQ) | ||||
| Microsoft ODBC Driver for SQL Server | 0.5 | 13 | 13 | Microsoft ODBC Driver for SQL Server | ||||
| Microsoft OLE DB Driver for SQL Server | 0.5 | 25 | 25 | Microsoft OLE DB Driver for SQL Server | ||||
| Microsoft SharePoint Server | 0.5 | 1 | 1 | Microsoft SharePoint Server | ||||
| Microsoft Virtual Machine Bus (VMBus) | 0.5 | 1 | 1 | Microsoft Virtual Machine Bus (VMBus) | ||||
| Microsoft WDAC OLE DB Provider for SQL Server | 0.5 | 2 | 2 | Microsoft WDAC OLE DB Provider for SQL Server | ||||
| Microsoft WDAC SQL Server ODBC Driver | 0.5 | 1 | 1 | Microsoft WDAC SQL Server ODBC Driver | ||||
| Proxy Driver | 0.5 | 1 | 1 | Proxy Driver | ||||
| SmartScreen Prompt | 0.5 | 1 | 1 | SmartScreen Prompt | ||||
| Xbox Gaming Services | 0.5 | 1 | 1 | Xbox Gaming Services | ||||
| Unknown Product | 0 | 1 | 1 | 2 | Unknown Product |
| Vulnerability Type | Criticality | U | C | H | M | L | A |
|---|---|---|---|---|---|---|---|
| Remote Code Execution | 1.0 | 68 | 68 | ||||
| Security Feature Bypass | 0.9 | 31 | 31 | ||||
| Elevation of Privilege | 0.85 | 32 | 32 | ||||
| Information Disclosure | 0.83 | 13 | 1 | 14 | |||
| Denial of Service | 0.7 | 5 | 2 | 7 | |||
| Memory Corruption | 0.5 | 3 | 8 | 11 | |||
| Spoofing | 0.4 | 3 | 6 | 9 | |||
| Unknown Vulnerability Type | 0 | 1 | 1 |
| Source | U | C | H | M | L | A |
|---|---|---|---|---|---|---|
| MS PT Extended | 10 | 13 | 23 | |||
| Qualys | 20 | 20 | ||||
| Tenable | 67 | 67 | ||||
| Rapid7 | 7 | 7 | ||||
| ZDI | 5 | 5 |
1. 
Spoofing - Proxy Driver (CVE-2024-26234) - High [573]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 1.0 | 18 | Exploitation in the wild is mentioned on Microsoft website | |
| 0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Proxy Driver | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Rapid7: Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today. However, later in the day, Microsoft subsequently updated the advisory for CVE-2024-26234 to acknowledge in-the-wild exploitation and public disclosure of the exploit. There are no new additions to CISA KEV at time of writing.
Rapid7: When originally published, the advisory for CVE-2024-26234 did not indicate that Microsoft was aware of in-the-wild exploitation or public exploit disclosure. However, late on the day of publication, Microsoft updated the advisory to acknowledge awareness of both in-the-wild exploitation and public disclosure.
Rapid7: 2024-04-09: Updated discussion of vuln diclosure prior to publication to reflect Microsoft's update to the advisory for CVE-2024-26234.
ZDI: *Note that post-release, Microsoft confirmed CVE-2024-26234 is also under active attack. The table has been updated to reflect this new information. * Indicates this CVE had been released by a third party and is now being included in Microsoft releases.
2. 
Remote Code Execution - Microsoft Excel (CVE-2024-26257) - High [535]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.8 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Autonomous Exploit) | |
| 1.0 | 15 | Remote Code Execution | |
| 0.6 | 14 | MS Office product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Rapid7: Microsoft is patching a single Office vulnerability today. CVE-2024-26257 describes a RCE vulnerability in Excel; exploitation requires that the attacker convinces the user to open a specially-crafted malicious file.
3. Remote Code Execution - Microsoft Defender for IoT (CVE-2024-21323) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-21323: Microsoft Defender for IoT Remote Code Execution Vulnerability To exploit this path traversal vulnerability, an attacker must send a tar file to the Defender for the IoT sensor. After the extraction process, the attacker may send unsigned update packages and overwrite any file they choose. The attacker must first authenticate themselves and gain the necessary permissions to initiate the update process.
Rapid7: CVE-2024-21323 describes an update-based attack and requires prior authentication; an attacker with the ability to control how a Defender for IoT sensor receives updates could cause the sensor device to apply a malicious update package, overwriting arbitrary files on the sensor filesystem via a path traversal weakness.
4. Remote Code Execution - Microsoft Defender for IoT (CVE-2024-29053) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-29053: Microsoft Defender for IoT Remote Code Execution Vulnerability An attacker must be authenticated to exploit the vulnerability, but no admin or other elevated privileges are required. Successful exploitation of this path traversal vulnerability requires an authenticated attacker, with access to the file upload feature, to upload malicious files to sensitive locations on the server.
Rapid7: Exploitation of CVE-2024-29053 allows arbitrary file upload for any authenticated user, also via a path traversal weakness, although the advisory does not specify what the target is other than “the server”.
5. Remote Code Execution - RPC (CVE-2024-20678) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Remote Procedure Call Runtime | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability. There is a long history of RPC exploits being seen in the wild, so any RPC bug that could lead to code execution turns heads. This bug does require authentication, but it doesn’t require any elevated permission. Any authenticated user could hit it. It’s not clear if you could hit this if you authenticated as Guest or an anonymous user. A quick search shows about 1.3 million systems with TCP port 135 exposed to the internet. I expect a lot of people will be looking to exploit this in short order.
6. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-26179) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
7. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-26200) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
8. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2024-26205) - High [520]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
9. 
Elevation of Privilege - Windows SMB (CVE-2024-26245) - High [514]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 1 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
10. Remote Code Execution - Windows DNS Server (CVE-2024-26221) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2024-26221 – Windows DNS Server Remote Code Execution Vulnerability. This is one of seven DNS RCE bugs being patched this month and all are documented identically. These bugs allow RCE on an affected DNS server if the attacker has the privileges to query the DNS server. There is a timing factor here as well, but if the DNS queries are timed correctly, the attacker can execute arbitrary code on the target server. Although not specifically stated, it seems logical that the code execution would occur at the level of the DNS service, which is elevated. I really don’t need to tell you that your DNS servers are critical targets, so please take these bugs seriously and test and deploy the patches quickly.
11. Remote Code Execution - Windows DNS Server (CVE-2024-26222) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
12. Remote Code Execution - Windows DNS Server (CVE-2024-26223) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
13. Remote Code Execution - Windows DNS Server (CVE-2024-26224) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
14. Remote Code Execution - Windows DNS Server (CVE-2024-26227) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
15. Remote Code Execution - Windows DNS Server (CVE-2024-26231) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
16. Remote Code Execution - Windows DNS Server (CVE-2024-26233) - High [513]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.9 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
17. Remote Code Execution - Windows Cryptographic Services (CVE-2024-29050) - High [508]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
18. 
Information Disclosure - .NET Framework (CVE-2024-29059) - High [501]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | .NET Framework | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.2 |
MS PT Extended: CVE-2024-29059 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
19. Elevation of Privilege - Windows Kernel (CVE-2024-20693) - High [498]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
20. Elevation of Privilege - Windows Kernel (CVE-2024-26218) - High [498]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | Windows Kernel | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
21. Elevation of Privilege - Windows Win32k (CVE-2024-26241) - High [498]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.9 | 14 | The Win32k.sys driver is the kernel side of some core parts of the Windows subsystem. Its main functionality is the GUI of Windows; it's responsible for window management. | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
22. Remote Code Execution - Microsoft Defender for IoT (CVE-2024-21322) - High [496]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-21322: Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT is a tool that provides visibility and security across a network by identifying specialized protocols, devices, and machine-to-machine (M2M) behaviors. The tool protects enterprise IoT networks and supports cloud, on-premises, and hybrid OT networks. An attacker must be an administrator of the web application to exploit the vulnerability. Successful exploitation of the vulnerability may lead to remote code execution on target systems.
Rapid7: The advisory for CVE-2024-21322 is light on detail, but notes that exploitation requires the attacker to have existing administrative access to the Defender for IoT web application; this limits the attacker value in isolation, although the potential for insider threat or use as part of an exploit chain remains.
Rapid7: The addition of CWE assessments to Microsoft security advisories helps pinpoint the generic root cause of a vulnerability; e.g., CVE-2024-21322 is assigned “CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').” By embracing CWE taxonomy, Microsoft is moving away from its own proprietary system to describe root cause. The CWE program has recently updated its guidance on mapping CVEs to a CWE Root Cause.
23. Remote Code Execution - Windows Distributed File System (DFS) (CVE-2024-29066) - High [496]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
24. Remote Code Execution - Windows rndismp6.sys (CVE-2024-26252) - High [496]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
25. Remote Code Execution - Windows rndismp6.sys (CVE-2024-26253) - High [496]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
26. 
Security Feature Bypass - Chromium (CVE-2024-2630) - High [490]
Description: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2630 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
27. Security Feature Bypass - Microsoft Edge (CVE-2024-26163) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Web browser | |
| 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source | |
| 0.3 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.26 |
MS PT Extended: CVE-2024-26163 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
28. Security Feature Bypass - Secure Boot (CVE-2024-26175) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26175||Secure Boot Security Feature Bypass Vulnerability||7.8|
29. Security Feature Bypass - Secure Boot (CVE-2024-26180) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26180||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: Four of the 24 CVEs were assigned a CVSSv3 score of 8.0. They include CVE-2024-26240, CVE-2024-26189, CVE-2024-28925 and CVE-2024-26180. Exploitation of all of these flaws do require an attacker to have either physical access or local administrator privileges on the vulnerable device.
30. Security Feature Bypass - Secure Boot (CVE-2024-26189) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26189||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: Four of the 24 CVEs were assigned a CVSSv3 score of 8.0. They include CVE-2024-26240, CVE-2024-26189, CVE-2024-28925 and CVE-2024-26180. Exploitation of all of these flaws do require an attacker to have either physical access or local administrator privileges on the vulnerable device.
31. Security Feature Bypass - Secure Boot (CVE-2024-26240) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26240||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: Four of the 24 CVEs were assigned a CVSSv3 score of 8.0. They include CVE-2024-26240, CVE-2024-26189, CVE-2024-28925 and CVE-2024-26180. Exploitation of all of these flaws do require an attacker to have either physical access or local administrator privileges on the vulnerable device.
32. Security Feature Bypass - Secure Boot (CVE-2024-28896) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28896||Secure Boot Security Feature Bypass Vulnerability||7.5|
33. Security Feature Bypass - Secure Boot (CVE-2024-28920) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28920||Secure Boot Security Feature Bypass Vulnerability||7.8|
34. Security Feature Bypass - Secure Boot (CVE-2024-28925) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 8.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28925||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: Four of the 24 CVEs were assigned a CVSSv3 score of 8.0. They include CVE-2024-26240, CVE-2024-26189, CVE-2024-28925 and CVE-2024-26180. Exploitation of all of these flaws do require an attacker to have either physical access or local administrator privileges on the vulnerable device.
35. Security Feature Bypass - Secure Boot (CVE-2024-29061) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29061||Secure Boot Security Feature Bypass Vulnerability||7.8|
36. Security Feature Bypass - Windows Cryptographic Services (CVE-2024-26228) - High [490]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
37. Elevation of Privilege - Windows Authentication (CVE-2024-21447) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
38. Elevation of Privilege - Windows CSC Service (CVE-2024-26229) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
39. Elevation of Privilege - Windows Defender Credential Guard (CVE-2024-26237) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
40. Elevation of Privilege - Windows Kerberos (CVE-2024-26248) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
41. Elevation of Privilege - Windows Remote Access Connection Manager (CVE-2024-26211) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
42. Elevation of Privilege - Windows Storage (CVE-2024-29052) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
43. Elevation of Privilege - Windows Telephony Server (CVE-2024-26230) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
44. Elevation of Privilege - Windows Telephony Server (CVE-2024-26239) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
45. Elevation of Privilege - Windows Update Stack (CVE-2024-26235) - High [481]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
46. Security Feature Bypass - Secure Boot (CVE-2024-20669) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-20669||Secure Boot Security Feature Bypass Vulnerability||6.7|
47. Security Feature Bypass - Secure Boot (CVE-2024-20688) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-20688||Secure Boot Security Feature Bypass Vulnerability||7.1|
48. Security Feature Bypass - Secure Boot (CVE-2024-20689) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-20689||Secure Boot Security Feature Bypass Vulnerability||7.1|
49. Security Feature Bypass - Secure Boot (CVE-2024-26168) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26168||Secure Boot Security Feature Bypass Vulnerability||6.8|
50. Security Feature Bypass - Secure Boot (CVE-2024-26171) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26171||Secure Boot Security Feature Bypass Vulnerability||6.7|
51. Security Feature Bypass - Secure Boot (CVE-2024-26194) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 7.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26194||Secure Boot Security Feature Bypass Vulnerability||7.4|
52. Security Feature Bypass - Secure Boot (CVE-2024-26250) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26250||Secure Boot Security Feature Bypass Vulnerability||6.7|
53. Security Feature Bypass - Secure Boot (CVE-2024-28897) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28897||Secure Boot Security Feature Bypass Vulnerability||6.8|
54. Security Feature Bypass - Secure Boot (CVE-2024-28903) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
55. Security Feature Bypass - Secure Boot (CVE-2024-28919) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28919||Secure Boot Security Feature Bypass Vulnerability||6.7|
56. Security Feature Bypass - Secure Boot (CVE-2024-28921) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: |CVE-2024-28921||Secure Boot Security Feature Bypass Vulnerability||6.7|
57. Security Feature Bypass - Secure Boot (CVE-2024-28924) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 6.7. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28924||Secure Boot Security Feature Bypass Vulnerability||6.7|
58. Security Feature Bypass - Secure Boot (CVE-2024-29062) - High [478]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.7 | 10 | CVSS Base Score is 7.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29062||Secure Boot Security Feature Bypass Vulnerability||7.1|
59. Security Feature Bypass - SmartScreen Prompt (CVE-2024-29988) - High [472]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.5 | 14 | SmartScreen Prompt | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
Tenable: CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability
Tenable: CVE-2024-29988 is a security feature bypass vulnerability in Microsoft Defender SmartScreen. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by convincing a target to open a specially crafted file using social engineering tactics such as an external link or malicious attachment sent over email, instant messages or social media.This flaw was reported to Microsoft by some of the same researchers that disclosed CVE-2024-21412, an Internet Shortcut Files security feature bypass that was associated with a DarkGate campaign using fake installer files impersonating Apple iTunes, Notion, NVIDIA and others.
ZDI: CVE-2024-29988 – SmartScreen Prompt Security Feature Bypass Vulnerability. This is an odd one, as a ZDI threat researcher found this vulnerability being in the wild, although Microsoft currently doesn’t list this as exploited. I would treat this as in the wild until Microsoft clarifies. The bug itself acts much like CVE-2024-21412 – it bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass MotW.
60. Information Disclosure - Intel(R) Processor (CVE-2022-0001) - High [470]
Description: Non-transparent sharing of branch predictor selectors between contexts in some
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.9 | 14 | Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings | |
| 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
61. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28929) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28929||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
62. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28930) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28930||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
63. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28931) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28931||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
64. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28932) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28932||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
65. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28933) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28933||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
66. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28934) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28934||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
67. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28935) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28935||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
68. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28936) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28936||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
69. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28937) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28937||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
70. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28938) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28938||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
71. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28941) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28941||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
72. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-28943) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28943||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
73. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2024-29043) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft ODBC Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29043||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
74. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28906) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28906||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
75. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28908) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28908||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
76. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28909) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28909||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
77. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28910) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28910||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
78. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28911) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28911||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
79. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28912) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28912||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
80. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28913) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28913||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
81. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28914) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28914||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
82. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28915) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28915||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
83. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28926) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28926||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
84. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28927) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28927||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
85. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28939) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28939||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
86. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28940) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28940||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
87. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28942) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28942||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
88. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28944) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28944||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
89. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-28945) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28945||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
90. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29044) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29044||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
91. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29046) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29046||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
92. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29047) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29047||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
93. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29048) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29048||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
94. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29982) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29982||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
95. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29983) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29983||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
96. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29984) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29984||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
97. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29985) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-29985||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
98. Remote Code Execution - Microsoft WDAC OLE DB Provider for SQL Server (CVE-2024-26210) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft WDAC OLE DB Provider for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26210||Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability||8.8|
99. Remote Code Execution - Microsoft WDAC OLE DB Provider for SQL Server (CVE-2024-26244) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft WDAC OLE DB Provider for SQL Server | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26244||Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability||8.8|
100. Remote Code Execution - Microsoft WDAC SQL Server ODBC Driver (CVE-2024-26214) - High [470]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft WDAC SQL Server ODBC Driver | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-26214||Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability||8.8|
101. Elevation of Privilege - Microsoft Defender for IoT (CVE-2024-21324) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
102. Elevation of Privilege - Microsoft Defender for IoT (CVE-2024-29054) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
103. Elevation of Privilege - Microsoft Defender for IoT (CVE-2024-29055) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
104. Elevation of Privilege - Windows File Server Resource Management Service (CVE-2024-26216) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
105. Elevation of Privilege - Windows Telephony Server (CVE-2024-26242) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
106. Elevation of Privilege - Windows USB Print Driver (CVE-2024-26243) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
107. Elevation of Privilege - Windows Update Stack (CVE-2024-26236) - High [469]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
108. Information Disclosure - Windows Distributed File System (DFS) (CVE-2024-26226) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
109. Security Feature Bypass - BitLocker (CVE-2024-20665) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | A full volume encryption feature included with Microsoft Windows versions starting with Windows Vista | |
| 0.6 | 10 | CVSS Base Score is 6.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
110. Security Feature Bypass - Microsoft Edge (CVE-2024-26246) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Web browser | |
| 0.4 | 10 | CVSS Base Score is 3.9. According to Microsoft data source | |
| 0.2 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.16 |
MS PT Extended: CVE-2024-26246 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
111. Security Feature Bypass - Microsoft Edge (CVE-2024-26247) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Web browser | |
| 0.5 | 10 | CVSS Base Score is 4.7. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-26247 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
112. Security Feature Bypass - Secure Boot (CVE-2024-28898) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.6 | 10 | CVSS Base Score is 6.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28898||Secure Boot Security Feature Bypass Vulnerability||6.3|
113. Security Feature Bypass - Secure Boot (CVE-2024-28923) - High [466]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.6 | 10 | CVSS Base Score is 6.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28923||Secure Boot Security Feature Bypass Vulnerability||6.4|
114. 
Denial of Service - DHCP Server Service (CVE-2024-26215) - High [465]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.8 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Autonomous Exploit) | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | DHCP Server Service | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
115. Remote Code Execution - Libarchive (CVE-2024-26256) - High [458]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Multi-format archive and compression library | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
116. Remote Code Execution - Microsoft OLE DB Driver for SQL Server (CVE-2024-29045) - High [458]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft OLE DB Driver for SQL Server | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: This month's release included 41 CVEs affecting multiple drivers for SQL Server, the Open Database Connectivity (ODBC) driver, WDAC OLE DB Driver and OLE DB driver. All but one of these CVEs received CVSSv3 scores of 8.8, with the lone exception, CVE-2024-29045 receiving a 7.5. All were rated as “Exploitation Less Likely” according to the Microsoft Exploitability Index, with none being publicly disclosed or exploited in the wild. A full list of the CVEs is included in the table below.
Tenable: |CVE-2024-29045||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||7.5|
117. Information Disclosure - Windows DWM Core Library (CVE-2024-26172) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
118. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-26207) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
119. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-26217) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
120. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-26255) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
121. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-28900) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
122. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-28901) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
123. Information Disclosure - Windows Remote Access Connection Manager (CVE-2024-28902) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
124. Remote Code Execution - Azure Migrate (CVE-2024-26193) - High [454]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.6 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Functional Exploit) | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Azure Migrate | |
| 0.6 | 10 | CVSS Base Score is 6.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
125. Remote Code Execution - .NET, .NET Framework, and Visual Studio (CVE-2024-21409) - High [446]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | .NET, .NET Framework, and Visual Studio | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
126. Remote Code Execution - DHCP Server Service (CVE-2024-26195) - High [446]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | DHCP Server Service | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
127. Remote Code Execution - DHCP Server Service (CVE-2024-26202) - High [446]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | DHCP Server Service | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
128. Remote Code Execution - Microsoft Message Queuing (MSMQ) (CVE-2024-26208) - High [446]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
| 0.7 | 10 | CVSS Base Score is 7.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
129. Remote Code Execution - Microsoft Message Queuing (MSMQ) (CVE-2024-26232) - High [446]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.5 | 14 | Microsoft Message Queuing (MSMQ) | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: CVE-2024-26232: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 14297 Status of the open network connections and listening ports (Qualys Agent only) 14916 Status of Windows Services 4030 Status of the Windows Message Queuing Service The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [14297, 14916, 4030]
130. Elevation of Privilege - Azure CycleCloud (CVE-2024-29993) - High [443]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure CycleCloud | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
131. Denial of Service - Windows Kerberos (CVE-2024-26183) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.8 | 14 | Windows component | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
132. Information Disclosure - Windows Mobile Hotspot (CVE-2024-26220) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.8 | 14 | Windows component | |
| 0.5 | 10 | CVSS Base Score is 5.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
133. 
Memory Corruption - Chromium (CVE-2024-2625) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2625 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: |CVE-2024-26250||Secure Boot Security Feature Bypass Vulnerability||6.7|
Rapid7: SharePoint receives a patch for CVE-2024-26251, a spoofing vulnerability which abuses cross-site scripting (XSS) and affects SharePoint Server 2016, 2019, and Subscription Edition. Exploitation requires multiple conditions to be met, including but not limited to a reliance on user actions, token impersonation, and specific application configuration. On that basis, although Microsoft is in possession of mature exploit code, exploitation is rated less likely.
Rapid7: Microsoft is patching a single Office vulnerability today. CVE-2024-26257 describes a RCE vulnerability in Excel; exploitation requires that the attacker convinces the user to open a specially-crafted malicious file.
134. Memory Corruption - Chromium (CVE-2024-2627) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2627 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
135. Security Feature Bypass - Secure Boot (CVE-2024-28922) - High [442]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.9 | 15 | Security Feature Bypass | |
| 0.8 | 14 | Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM) | |
| 0.4 | 10 | CVSS Base Score is 4.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: |CVE-2024-28922||Secure Boot Security Feature Bypass Vulnerability||4.1|
136. Elevation of Privilege - Xbox Gaming Services (CVE-2024-28916) - High [435]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Xbox Gaming Services | |
| 0.9 | 10 | CVSS Base Score is 8.8. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-28916 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
137. Elevation of Privilege - Windows Authentication (CVE-2024-29056) - High [433]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.8 | 14 | Windows component | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
138. Elevation of Privilege - Azure Monitor Agent (CVE-2024-29989) - High [431]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Monitor Agent | |
| 0.8 | 10 | CVSS Base Score is 8.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
139. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-28904) - High [431]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Brokering File System | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
140. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-28905) - High [431]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Brokering File System | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
141. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-28907) - High [431]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Brokering File System | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
142. Elevation of Privilege - Microsoft Install Service (CVE-2024-26158) - High [431]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Install Service | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
143. Remote Code Execution - Chromium (CVE-2024-2887) - High [425]
Description: Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 1.0 | 15 | Remote Code Execution | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2887 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
144. Elevation of Privilege - Microsoft Azure Kubernetes Service Confidential Container (CVE-2024-29990) - High [423]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Azure Kubernetes Service Confidential Container | |
| 0.9 | 10 | CVSS Base Score is 9.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Tenable: CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Tenable: CVE-2024-29990 is an EoP vulnerability in the Azure Kubernetes Service Confidential Containers (AKSCC). It was assigned a CVSSv3 score of 9 and is rated important. Exploitation of this flaw hinges on the preparation of a target environment by an attacker. Successful exploitation would enable an attacker to “steal credentials and affect resources beyond the security scope managed by AKSCC.” This includes taking over both “confidential guests and containers beyond the network stack it might be bound to.”
145. Elevation of Privilege - Azure Compute Gallery (CVE-2024-21424) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Compute Gallery | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
146. Elevation of Privilege - Microsoft Brokering File System (CVE-2024-26213) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Microsoft Brokering File System | |
| 0.7 | 10 | CVSS Base Score is 7.0. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
147. Memory Corruption - Chromium (CVE-2024-2626) - High [419]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.7 | 10 | CVSS Base Score is 6.5. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2626 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
148. Elevation of Privilege - Azure Arc-enabled Kubernetes Extension Cluster-Scope (CVE-2024-28917) - High [407]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.85 | 15 | Elevation of Privilege | |
| 0.5 | 14 | Azure Arc-enabled Kubernetes Extension Cluster-Scope | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
149. Denial of Service - DHCP Server Service (CVE-2024-26212) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | DHCP Server Service | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
150. Denial of Service - HTTP.sys (CVE-2024-26219) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | HTTP.sys | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
151. Denial of Service - Microsoft Virtual Machine Bus (VMBus) (CVE-2024-26254) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Microsoft Virtual Machine Bus (VMBus) | |
| 0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
152. Information Disclosure - Azure Identity Library for .NET (CVE-2024-29992) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure Identity Library for .NET | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
153. Information Disclosure - Microsoft Local Security Authority Subsystem Service (CVE-2024-26209) - High [404]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Microsoft Local Security Authority Subsystem Service | |
| 0.6 | 10 | CVSS Base Score is 5.5. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
154. Spoofing - Outlook for Windows (CVE-2024-20670) - High [401]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Windows component | |
| 0.8 | 10 | CVSS Base Score is 8.1. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
ZDI: CVE-2024-20670 – Outlook for Windows Spoofing Vulnerability. This bug is listed as a spoofing bug, but based on the end result of exploitation, I would consider this information disclosure. In this case, the information disclosed would be NTLM hashes, which could then be used for Spoofing targeted users. Either way, a user would need to click something in an email to trigger this vulnerability. The Preview Pane is NOT an attack vector. However, we have seen a rash of NTLM relaying bugs over the last few months. With the wide user base of Outlook, this will likely be targeted by threat actors in the coming months.
155. Spoofing - Microsoft SharePoint Server (CVE-2024-26251) - High [400]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.8 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Autonomous Exploit) | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft SharePoint Server | |
| 0.7 | 10 | CVSS Base Score is 6.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Rapid7: SharePoint receives a patch for CVE-2024-26251, a spoofing vulnerability which abuses cross-site scripting (XSS) and affects SharePoint Server 2016, 2019, and Subscription Edition. Exploitation requires multiple conditions to be met, including but not limited to a reliance on user actions, token impersonation, and specific application configuration. On that basis, although Microsoft is in possession of mature exploit code, exploitation is rated less likely.
156. Denial of Service - Windows Hyper-V (CVE-2024-29064) - Medium [397]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.6 | 14 | Hardware virtualization component of the client editions of Windows NT | |
| 0.6 | 10 | CVSS Base Score is 6.2. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
157. Information Disclosure - Azure AI Search (CVE-2024-29063) - Medium [395]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
| 0.83 | 15 | Information Disclosure | |
| 0.5 | 14 | Azure AI Search | |
| 0.7 | 10 | CVSS Base Score is 7.3. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
158. Denial of Service - Azure Private 5G Core (CVE-2024-20685) - Medium [380]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.7 | 15 | Denial of Service | |
| 0.5 | 14 | Azure Private 5G Core | |
| 0.6 | 10 | CVSS Base Score is 5.9. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
159. Spoofing - Chromium (CVE-2024-2628) - Medium [365]
Description: Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2628 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
160. Spoofing - Chromium (CVE-2024-2629) - Medium [365]
Description: Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2629 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
161. Spoofing - Chromium (CVE-2024-2631) - Medium [365]
Description: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to NVD data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2631 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
162. Spoofing - Microsoft Edge (CVE-2024-29057) - Medium [365]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Web browser | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-29057 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
163. Spoofing - Microsoft Edge (CVE-2024-29981) - Medium [345]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.4 | 17 | The exploit's existence is mentioned in Microsoft CVSS Temporal Metrics (Proof-of-Concept Exploit) | |
| 0.4 | 15 | Spoofing | |
| 0.8 | 14 | Web browser | |
| 0.4 | 10 | CVSS Base Score is 4.3. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-29981 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
164. Memory Corruption - Chromium (CVE-2024-2400) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2400 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
165. Memory Corruption - Chromium (CVE-2024-2883) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2883 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
166. Memory Corruption - Chromium (CVE-2024-2885) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2885 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
167. Memory Corruption - Chromium (CVE-2024-2886) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.14 |
MS PT Extended: CVE-2024-2886 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
168. Memory Corruption - Chromium (CVE-2024-3156) - Medium [335]
Description: Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-3156 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
169. Memory Corruption - Chromium (CVE-2024-3158) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-3158 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
170. Memory Corruption - Chromium (CVE-2024-3159) - Medium [335]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0.8 | 14 | Chromium is a free and open-source web browser project, mainly developed and maintained by Google | |
| 0.0 | 10 | CVSS Base Score is NA. No data. | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-3159 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
171. Spoofing - Microsoft Edge (Chromium-based) Webview2 (CVE-2024-29049) - Medium [315]
Description:
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.4 | 15 | Spoofing | |
| 0.5 | 14 | Microsoft Edge (Chromium-based) Webview2 | |
| 0.4 | 10 | CVSS Base Score is 4.1. According to Microsoft data source | |
| 0.1 | 10 | EPSS Probability is 0.0, EPSS Percentile is 0.08 |
MS PT Extended: CVE-2024-29049 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
172. Memory Corruption - Unknown Product (CVE-2024-23594) - Medium [261]
Description: {'ms_cve_data_all': 'Lenovo: CVE-2024-23594 Stack buffer overflow in Lenovo system recovery boot manager', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0.5 | 15 | Memory Corruption | |
| 0 | 14 | Unknown Product | |
| 0.6 | 10 | CVSS Base Score is 6.4. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
173. 
Unknown Vulnerability Type - Unknown Product (CVE-2024-23593) - Low [196]
Description: {'ms_cve_data_all': 'Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': '', 'combined_cve_data_all': ''}
| Component | Value | Weight | Comment |
|---|---|---|---|
| 0 | 18 | Exploitation in the wild is NOT mentioned in available Data Sources | |
| 0.5 | 17 | The exploit's existence is NOT mentioned in available Data Sources | |
| 0 | 15 | Unknown Vulnerability Type | |
| 0 | 14 | Unknown Product | |
| 0.8 | 10 | CVSS Base Score is 7.8. According to Microsoft data source | |
| 0 | 10 | EPSS Probability is 0, EPSS Percentile is 0 |
Spoofing (1)Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Rapid7: Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today. However, later in the day, Microsoft subsequently updated the advisory for CVE-2024-26234 to acknowledge in-the-wild exploitation and public disclosure of the exploit. There are no new additions to CISA KEV at time of writing.
Rapid7: When originally published, the advisory for CVE-2024-26234 did not indicate that Microsoft was aware of in-the-wild exploitation or public exploit disclosure. However, late on the day of publication, Microsoft updated the advisory to acknowledge awareness of both in-the-wild exploitation and public disclosure.
Rapid7: 2024-04-09: Updated discussion of vuln diclosure prior to publication to reflect Microsoft's update to the advisory for CVE-2024-26234.
ZDI: *Note that post-release, Microsoft confirmed CVE-2024-26234 is also under active attack. The table has been updated to reflect this new information. * Indicates this CVE had been released by a third party and is now being included in Microsoft releases.
Remote Code Execution (68)Rapid7: Microsoft is patching a single Office vulnerability today. CVE-2024-26257 describes a RCE vulnerability in Excel; exploitation requires that the attacker convinces the user to open a specially-crafted malicious file.
Qualys: CVE-2024-21322: Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender for IoT is a tool that provides visibility and security across a network by identifying specialized protocols, devices, and machine-to-machine (M2M) behaviors. The tool protects enterprise IoT networks and supports cloud, on-premises, and hybrid OT networks. An attacker must be an administrator of the web application to exploit the vulnerability. Successful exploitation of the vulnerability may lead to remote code execution on target systems.
Qualys: CVE-2024-21323: Microsoft Defender for IoT Remote Code Execution Vulnerability To exploit this path traversal vulnerability, an attacker must send a tar file to the Defender for the IoT sensor. After the extraction process, the attacker may send unsigned update packages and overwrite any file they choose. The attacker must first authenticate themselves and gain the necessary permissions to initiate the update process.
Qualys: CVE-2024-29053: Microsoft Defender for IoT Remote Code Execution Vulnerability An attacker must be authenticated to exploit the vulnerability, but no admin or other elevated privileges are required. Successful exploitation of this path traversal vulnerability requires an authenticated attacker, with access to the file upload feature, to upload malicious files to sensitive locations on the server.
Rapid7: The advisory for CVE-2024-21322 is light on detail, but notes that exploitation requires the attacker to have existing administrative access to the Defender for IoT web application; this limits the attacker value in isolation, although the potential for insider threat or use as part of an exploit chain remains.
Rapid7: CVE-2024-21323 describes an update-based attack and requires prior authentication; an attacker with the ability to control how a Defender for IoT sensor receives updates could cause the sensor device to apply a malicious update package, overwriting arbitrary files on the sensor filesystem via a path traversal weakness.
Rapid7: Exploitation of CVE-2024-29053 allows arbitrary file upload for any authenticated user, also via a path traversal weakness, although the advisory does not specify what the target is other than “the server”.
Rapid7: The addition of CWE assessments to Microsoft security advisories helps pinpoint the generic root cause of a vulnerability; e.g., CVE-2024-21322 is assigned “CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').” By embracing CWE taxonomy, Microsoft is moving away from its own proprietary system to describe root cause. The CWE program has recently updated its guidance on mapping CVEs to a CWE Root Cause.
ZDI: CVE-2024-20678 – Remote Procedure Call Runtime Remote Code Execution Vulnerability. There is a long history of RPC exploits being seen in the wild, so any RPC bug that could lead to code execution turns heads. This bug does require authentication, but it doesn’t require any elevated permission. Any authenticated user could hit it. It’s not clear if you could hit this if you authenticated as Guest or an anonymous user. A quick search shows about 1.3 million systems with TCP port 135 exposed to the internet. I expect a lot of people will be looking to exploit this in short order.
ZDI: CVE-2024-26221 – Windows DNS Server Remote Code Execution Vulnerability. This is one of seven DNS RCE bugs being patched this month and all are documented identically. These bugs allow RCE on an affected DNS server if the attacker has the privileges to query the DNS server. There is a timing factor here as well, but if the DNS queries are timed correctly, the attacker can execute arbitrary code on the target server. Although not specifically stated, it seems logical that the code execution would occur at the level of the DNS service, which is elevated. I really don’t need to tell you that your DNS servers are critical targets, so please take these bugs seriously and test and deploy the patches quickly.
Tenable: |CVE-2024-28929||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28930||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28931||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28932||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28933||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28934||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28935||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28936||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28937||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28938||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28941||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28943||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29043||Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: This month's release included 41 CVEs affecting multiple drivers for SQL Server, the Open Database Connectivity (ODBC) driver, WDAC OLE DB Driver and OLE DB driver. All but one of these CVEs received CVSSv3 scores of 8.8, with the lone exception, CVE-2024-29045 receiving a 7.5. All were rated as “Exploitation Less Likely” according to the Microsoft Exploitability Index, with none being publicly disclosed or exploited in the wild. A full list of the CVEs is included in the table below.
Tenable: |CVE-2024-28906||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28908||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28909||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28910||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28911||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28912||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28913||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28914||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28915||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28926||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28927||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28939||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28940||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28942||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28944||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-28945||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29044||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29045||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||7.5|
Tenable: |CVE-2024-29047||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29048||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29982||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29983||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29984||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29985||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-29046||Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-26210||Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-26244||Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability||8.8|
Tenable: |CVE-2024-26214||Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability||8.8|
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: CVE-2024-26232: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 14297 Status of the open network connections and listening ports (Qualys Agent only) 14916 Status of Windows Services 4030 Status of the Windows Message Queuing Service The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [14297, 14916, 4030]
MS PT Extended: CVE-2024-2887 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Elevation of Privilege (32)Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
MS PT Extended: CVE-2024-28916 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: CVE-2024-29990 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Tenable: CVE-2024-29990 is an EoP vulnerability in the Azure Kubernetes Service Confidential Containers (AKSCC). It was assigned a CVSSv3 score of 9 and is rated important. Exploitation of this flaw hinges on the preparation of a target environment by an attacker. Successful exploitation would enable an attacker to “steal credentials and affect resources beyond the security scope managed by AKSCC.” This includes taking over both “confidential guests and containers beyond the network stack it might be bound to.”
Information Disclosure (14)MS PT Extended: CVE-2024-29059 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Security Feature Bypass (31)MS PT Extended: CVE-2024-2630 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-26247 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-26163 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-26246 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: |CVE-2024-26240||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: |CVE-2024-26189||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: |CVE-2024-28925||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: |CVE-2024-26180||Secure Boot Security Feature Bypass Vulnerability||8|
Tenable: |CVE-2024-29061||Secure Boot Security Feature Bypass Vulnerability||7.8|
Tenable: |CVE-2024-28920||Secure Boot Security Feature Bypass Vulnerability||7.8|
Tenable: |CVE-2024-26175||Secure Boot Security Feature Bypass Vulnerability||7.8|
Tenable: |CVE-2024-28896||Secure Boot Security Feature Bypass Vulnerability||7.5|
Tenable: |CVE-2024-26194||Secure Boot Security Feature Bypass Vulnerability||7.4|
Tenable: |CVE-2024-20688||Secure Boot Security Feature Bypass Vulnerability||7.1|
Tenable: |CVE-2024-29062||Secure Boot Security Feature Bypass Vulnerability||7.1|
Tenable: |CVE-2024-20689||Secure Boot Security Feature Bypass Vulnerability||7.1|
Tenable: |CVE-2024-28897||Secure Boot Security Feature Bypass Vulnerability||6.8|
Tenable: |CVE-2024-26168||Secure Boot Security Feature Bypass Vulnerability||6.8|
Tenable: |CVE-2024-28919||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-26250||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-20669||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-28924||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-26171||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-28921||Secure Boot Security Feature Bypass Vulnerability||6.7|
Tenable: |CVE-2024-28923||Secure Boot Security Feature Bypass Vulnerability||6.4|
Tenable: |CVE-2024-28898||Secure Boot Security Feature Bypass Vulnerability||6.3|
Tenable: |CVE-2024-28922||Secure Boot Security Feature Bypass Vulnerability||4.1|
Tenable: Four of the 24 CVEs were assigned a CVSSv3 score of 8.0. They include CVE-2024-26240, CVE-2024-26189, CVE-2024-28925 and CVE-2024-26180. Exploitation of all of these flaws do require an attacker to have either physical access or local administrator privileges on the vulnerable device.
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
Tenable: CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability
Tenable: CVE-2024-29988 is a security feature bypass vulnerability in Microsoft Defender SmartScreen. It was assigned a CVSSv3 score of 8.8 and is rated as important. An attacker could exploit this vulnerability by convincing a target to open a specially crafted file using social engineering tactics such as an external link or malicious attachment sent over email, instant messages or social media.This flaw was reported to Microsoft by some of the same researchers that disclosed CVE-2024-21412, an Internet Shortcut Files security feature bypass that was associated with a DarkGate campaign using fake installer files impersonating Apple iTunes, Notion, NVIDIA and others.
ZDI: CVE-2024-29988 – SmartScreen Prompt Security Feature Bypass Vulnerability. This is an odd one, as a ZDI threat researcher found this vulnerability being in the wild, although Microsoft currently doesn’t list this as exploited. I would treat this as in the wild until Microsoft clarifies. The bug itself acts much like CVE-2024-21412 – it bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass MotW.
Denial of Service (7)Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Memory Corruption (11)MS PT Extended: CVE-2024-2885 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2400 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2626 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-3156 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2627 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2883 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-3158 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-3159 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2625 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2886 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Qualys: Other Microsoft Vulnerability Highlights CVE-2024-26256 is a remote code execution vulnerability in libarchive. An attacker requires no authentication to exploit the vulnerability. An unauthorized attacker must wait for a user to initiate a connection for successful exploitation. CVE-2024-26158 is an elevation of privilege vulnerability in the Microsoft Install Service. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26209 is an information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service. On successful exploitation, an attacker may disclose uninitialized memory. CVE-2024-26218 is an elevation of privilege vulnerability in Windows Kernel. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26234 is a spoofing vulnerability in Proxy Driver. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26211 is an elevation of privilege vulnerability in Windows Remote Access Connection Manager. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-26212 is a denial-of-service vulnerability in the DHCP Server Service. Microsoft has not disclosed any information about the vulnerability. CVE-2024-26230 and CVE-2024-26239 are elevation of privilege vulnerabilities in the Windows Telephony Server. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-29056 is an elevation of privilege vulnerability in Windows Authentication. An attacker who successfully exploits the vulnerability may view some sensitive information. The advisory states, “The updates released on or after April 9, 2024, will NOT fully address the security issues in this vulnerability. For more information about how to manage PAC validation changes related to this CVE and the steps you need to take to be fully protected, see How to manage PAC Validation changes related to CVE-2024-26248 and CVE-2024-29056.” CVE-2024-29988 is a security feature bypass vulnerability in SmartScreen Prompt. To exploit this vulnerability, an attacker must convince a user to launch malicious files using a launcher application that requests that no UI be shown. CVE-2024-26241 is an elevation of privilege vulnerability in Win32k. On successful exploitation, an attacker could gain SYSTEM privileges. CVE-2024-28921 & CVE-2024-28903 are security feature bypass vulnerabilities in Secure Boot. Successful exploitation of the vulnerability may allow an attacker to bypass Secure Boot. Microsoft mentioned in the advisory, “All customers should apply the April 9, 2024, Windows security updates. These security updates address this vulnerability by updating the Windows Boot Manager and other components, but the protections are not enabled by default. Additional steps are required to mitigate this vulnerability. Please refer to KB5025885.”
Tenable: |CVE-2024-26250||Secure Boot Security Feature Bypass Vulnerability||6.7|
Rapid7: SharePoint receives a patch for CVE-2024-26251, a spoofing vulnerability which abuses cross-site scripting (XSS) and affects SharePoint Server 2016, 2019, and Subscription Edition. Exploitation requires multiple conditions to be met, including but not limited to a reliance on user actions, token impersonation, and specific application configuration. On that basis, although Microsoft is in possession of mature exploit code, exploitation is rated less likely.
Rapid7: Microsoft is patching a single Office vulnerability today. CVE-2024-26257 describes a RCE vulnerability in Excel; exploitation requires that the attacker convinces the user to open a specially-crafted malicious file.
Spoofing (8)ZDI: CVE-2024-20670 – Outlook for Windows Spoofing Vulnerability. This bug is listed as a spoofing bug, but based on the end result of exploitation, I would consider this information disclosure. In this case, the information disclosed would be NTLM hashes, which could then be used for Spoofing targeted users. Either way, a user would need to click something in an email to trigger this vulnerability. The Preview Pane is NOT an attack vector. However, we have seen a rash of NTLM relaying bugs over the last few months. With the wide user base of Outlook, this will likely be targeted by threat actors in the coming months.
Rapid7: SharePoint receives a patch for CVE-2024-26251, a spoofing vulnerability which abuses cross-site scripting (XSS) and affects SharePoint Server 2016, 2019, and Subscription Edition. Exploitation requires multiple conditions to be met, including but not limited to a reliance on user actions, token impersonation, and specific application configuration. On that basis, although Microsoft is in possession of mature exploit code, exploitation is rated less likely.
MS PT Extended: CVE-2024-2629 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2628 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-2631 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-29057 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-29981 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
MS PT Extended: CVE-2024-29049 was published before April 2024 Patch Tuesday from 2024-03-13 to 2024-04-08
Unknown Vulnerability Type (1)