Published on Feb 13, 2024 • Last updated on Nov 15, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability
Exploit
A critical vulnerability in Microsoft Exchange Server enables unauthenticated attackers to perform NTLM relay attacks by exploiting inadequate Extended Protection for Authentication (EPA) settings, allowing them to intercept and relay NTLM credentials to gain unauthorized access with the privileges of legitimate users. The flaw enables full system compromise, potentially leading to data theft, system manipulation, and complete control of the affected Exchange server. This vulnerability is particularly concerning as it requires no user interaction, has a low attack complexity, and is actively being exploited in the wild.
Windows Kernel Elevation of Privilege Vulnerability
Exploit
A heap-based buffer overflow vulnerability in the Windows Kernel allows authenticated attackers with low privileges to execute arbitrary code by running specially crafted applications, potentially leading to complete SYSTEM privilege escalation and AppContainer isolation escape. The local attack vector requires no user interaction and can lead to a full system compromise with high impacts on confidentiality, integrity, and availability of the affected system. The presence of publicly available proof-of-concept exploits and the ability to escape contained execution environments makes this vulnerability particularly concerning for organizations running affected Windows Server installations.
Microsoft Outlook Remote Code Execution Vulnerability
Exploit
A remote code execution vulnerability in Microsoft Outlook enables authenticated attackers to execute arbitrary code through the Preview Pane without requiring user interaction, leveraging code injection techniques to gain elevated system privileges. The high-severity flaw affects multiple Microsoft Office products and can grant attackers full read, write, and delete capabilities, potentially leading to complete system compromise. The vulnerability is particularly critical as it has publicly available proof-of-concept exploits and confirmed instances of in-the-wild exploitation.
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
A privilege escalation vulnerability in Azure Site Recovery enables local attackers to execute code that can elevate privileges to IUSR and potentially expose MySQL root passwords, leading to the discovery of stored encrypted credentials. The vulnerability's scope change characteristic indicates it can affect resources beyond the security authority of the vulnerable component, though the impact is limited to the targeted system or database. Given the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction, this vulnerability represents a significant security risk for environments utilizing Azure Site Recovery.
Windows Kernel Elevation of Privilege Vulnerability
Exploit
A Windows Kernel privilege escalation vulnerability allows authenticated users to execute arbitrary code with SYSTEM privileges by running a specially crafted application that exploits an untrusted pointer dereference in the kernel. The vulnerability presents a critical security risk as successful exploitation enables complete system compromise, allowing attackers to bypass security boundaries, modify system data, and gain full administrative control over affected Windows systems. Given that this vulnerability is actively exploited in the wild by sophisticated threat actors and multiple proof-of-concept exploits are publicly available, immediate attention is required.
This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
Exploit
A critical SmartScreen security bypass vulnerability in Windows allows remote attackers to execute arbitrary code by exploiting insufficient security checks on chained Internet Shortcut (.URL) files. While requiring user interaction to open a malicious file, successful exploitation enables attackers to execute code with current user privileges, potentially leading to system compromise and data theft. The active exploitation of this vulnerability in the wild by multiple malware families and threat actors, combined with its network-based attack vector and low complexity, makes it a significant security risk requiring immediate attention.
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) allows unauthenticated attackers to execute arbitrary code by sending specially crafted malicious network traffic to vulnerable servers, requiring no user interaction but demanding specific pre-exploitation preparation. Despite the high attack complexity, successful exploitation could grant an attacker complete control over the affected system, enabling data theft, malware deployment, and other malicious activities through the compromised multicast implementation that operates at network layer 4.
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Exploit
A critical elevation of privilege vulnerability in the Microsoft Entra Jira Single-Sign-On Plugin allows unauthenticated remote attackers to modify SAML metadata and configuration settings without requiring user interaction or authentication. The flaw enables attackers to potentially hijack authentication by redirecting SSO to their own tenant, effectively compromising access control and administrative capabilities for the affected Jira instance, making this an especially severe security risk for organizations relying on Azure AD authentication.
Microsoft Outlook Remote Code Execution Vulnerability
Exploit
A critical remote code execution vulnerability in Microsoft Outlook allows unauthenticated attackers to bypass Protected View Protocol through maliciously crafted messages, which can lead to NTLM credential theft and arbitrary code execution, with the Preview Pane serving as an attack vector. The vulnerability enables attackers to gain elevated privileges with full read, write, and delete capabilities, potentially resulting in complete system compromise, data theft, and deployment of malware. Given the availability of multiple proof-of-concept exploits and active exploitation in the wild, this vulnerability poses an immediate risk to organizations using affected versions of Microsoft Office products.
Windows SmartScreen Security Feature Bypass Vulnerability
Exploit
This Windows SmartScreen security feature bypass vulnerability allows attackers to circumvent security protections by exploiting the Mark of the Web (MOTW) mechanism, enabling code injection through specially crafted files downloaded from the internet. When successfully exploited through user interaction with a malicious file, the vulnerability can lead to arbitrary code execution, potentially resulting in data exposure and system availability issues. The bypass of SmartScreen's protective features is particularly concerning as it undermines a critical security control designed to protect users from untrusted internet-sourced files, making this an attractive target for threat actors conducting social engineering attacks.
CVE ID | CVSS Score | Product | Trend | Exploit |
---|---|---|---|---|
CVE-2024-26196 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | CVSS 4.3 | edge | - | |
CVE-2024-26192 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | CVSS 8.2 | edge | - | |
CVE-2024-26188 Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVSS 4.3 | edge | - | |
CVE-2024-21423 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | CVSS 4.8 | edge | - | |
CVE-2024-21420 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | CVSS 9.8 | 365_apps | Feb 14, 2024 | |
CVE-2024-21412 This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412 | CVSS 8.1 | windows_10_1809 | Feb 13, 2024 | |
CVE-2024-21410 Microsoft Exchange Server Elevation of Privilege Vulnerability | CVSS 9.8 | exchange_server | Feb 14, 2024 | |
CVE-2024-21406 Windows Printing Service Spoofing Vulnerability | CVSS 7.5 | windows_10_1607 | - | |
CVE-2024-21405 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | CVSS 7 | windows_10_1507 | - | |
CVE-2024-21404 .NET Denial of Service Vulnerability | CVSS 7.5 | asp.net_core | - | |
CVE-2024-21403 Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | CVSS 9 | azure_cli | - | |
CVE-2024-21402 Microsoft Outlook Elevation of Privilege Vulnerability | CVSS 7.1 | 365_apps | - | |
CVE-2024-21401 Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | CVSS 9.8 | entra_jira_sso_plugin | Feb 21, 2024 | |
CVE-2024-21399 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVSS 8.3 | edge_chromium | Feb 5, 2024 | |
CVE-2024-21397 Microsoft Azure File Sync Elevation of Privilege Vulnerability | CVSS 5.3 | azure_file_sync | - | |
CVE-2024-21396 Dynamics 365 Sales Spoofing Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21395 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVSS 8.2 | dynamics_365 | - | |
CVE-2024-21394 Dynamics 365 Field Service Spoofing Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21393 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21391 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21389 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21386 Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0, and ASP.NET 8.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service. | CVSS 7.5 | asp.net_core | - | |
CVE-2024-21384 Microsoft Office OneNote Remote Code Execution Vulnerability | CVSS 7.8 | 365_apps | - | |
CVE-2024-21381 Microsoft Azure Active Directory B2C Spoofing Vulnerability | CVSS 6.8 | azure_active_directory | - | |
CVE-2024-21380 Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability | CVSS 8 | dynamics_365_business_central | - | |
CVE-2024-21379 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379 | CVSS 7.8 | 365_apps | - | |
CVE-2024-21378 Microsoft Outlook Remote Code Execution Vulnerability | CVSS 8.8 | 365_apps | Mar 11, 2024 | |
CVE-2024-21377 Windows DNS Information Disclosure Vulnerability | CVSS 5.5 | windows_10_1507 | - | |
CVE-2024-21376 Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | CVSS 9 | azure_kubernetes_service | - | |
CVE-2024-21375 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21374 Microsoft Teams for Android Information Disclosure | CVSS 5 | teams | - | |
CVE-2024-21372 Windows OLE Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21371 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of NTFS junctions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Microsoft has issued an update to correct this vulnerability. More details can be found at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371 | CVSS 7 | windows_10_1507 | - | |
CVE-2024-21370 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21369 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21368 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21367 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21366 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21365 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21364 Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | CVSS 9.3 | azure_site_recovery | - | |
CVE-2024-21363 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-21362 Windows Kernel Security Feature Bypass Vulnerability | CVSS 5.5 | windows_10_1507 | - | |
CVE-2024-21361 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21360 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21359 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21358 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21357 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | CVSS 8.1 | windows_10_1507 | - | |
CVE-2024-21356 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | CVSS 6.5 | windows_10_1507 | - | |
CVE-2024-21355 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | CVSS 7 | windows_10_1507 | - | |
CVE-2024-21354 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | CVSS 7.8 | windows_10_1507 | - | |
CVE-2024-21353 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | CVSS 8.8 | windows_server_2022_23h2 | - | |
CVE-2024-21352 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21351 Windows SmartScreen Security Feature Bypass Vulnerability | CVSS 7.6 | windows_10_1507 | Feb 13, 2024 | |
CVE-2024-21350 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21349 Microsoft ActiveX Data Objects Remote Code Execution Vulnerability | CVSS 8.8 | windows_10_1507 | - | |
CVE-2024-21348 Internet Connection Sharing (ICS) Denial of Service Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-21347 Microsoft ODBC Driver Remote Code Execution Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-21346 Win32k Elevation of Privilege Vulnerability | CVSS 7.8 | windows_11_21h2 | - | |
CVE-2024-21345 Windows Kernel Elevation of Privilege Vulnerability | CVSS 8.8 | windows_server_2022_23h2 | Apr 26, 2024 | |
CVE-2024-21344 Windows Network Address Translation (NAT) Denial of Service Vulnerability | CVSS 5.9 | windows_10_1507 | - | |
CVE-2024-21343 Windows Network Address Translation (NAT) Denial of Service Vulnerability | CVSS 7.5 | windows_10_1507 | - | |
CVE-2024-21342 Windows DNS Client Denial of Service Vulnerability | CVSS 7.5 | windows_11_22h2 | - | |
CVE-2024-21341 Windows Kernel Remote Code Execution Vulnerability | CVSS 6.8 | windows_10_1809 | - | |
CVE-2024-21340 Windows Kernel Information Disclosure Vulnerability | CVSS 4.6 | windows_10_1507 | - | |
CVE-2024-21339 Windows USB Generic Parent Driver Remote Code Execution Vulnerability | CVSS 6.4 | windows_10_1809 | - | |
CVE-2024-21338 Windows Kernel Elevation of Privilege Vulnerability | CVSS 7.8 | cyber_security | Feb 28, 2024 | |
CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability | CVSS 7.3 | azure_connected_machine_agent | - | |
CVE-2024-21328 Dynamics 365 Sales Spoofing Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21327 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVSS 7.6 | dynamics_365 | - | |
CVE-2024-21315 Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability | CVSS 7.8 | defender_for_endpoint | - | |
CVE-2024-21304 Trusted Compute Base Elevation of Privilege Vulnerability | CVSS 4.1 | windows_10_1809 | - | |
CVE-2024-20695 Skype for Business Information Disclosure Vulnerability | CVSS 5.7 | skype_for_business_server | - | |
CVE-2024-20684 Windows Hyper-V Denial of Service Vulnerability | CVSS 6.5 | windows_11_21h2 | - | |
CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability | CVSS 6.5 | azure_stack_hub | - | |
CVE-2024-20673 Microsoft Office Remote Code Execution Vulnerability | CVSS 7.8 | excel | - | |
CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability | CVSS 7.5 | azure_devops_server | - |