October 2024 Patch Tuesday: 10 Critical Vulnerabilities Amid 130 CVEs

Published on Oct 8, 2024 • Last updated on Nov 15, 2024

Total vulnerabilities
130
Critical vulnerabilities
10
Exploited vulnerabilities
3

October 2024 Risk Analysis

Most impacted products
Windows Mobile Broadband
12%
Windows Routing and Remote Access Service (RRAS)
9%
Microsoft Edge (Chromium-based)
7%
Windows Kernel
5%
Role: Windows Hyper-V
3%

No attribution of malware families available at the moment.

Attribution of Threat Actors
Void Banshee
100%

Critical Vulnerabilities

CVE-2024-43572

Microsoft Management Console Remote Code Execution Vulnerability

CVSS 7.8CWE-707

Exploit

A critical vulnerability in Microsoft Management Console enables remote code execution through specially crafted MSC files, requiring user interaction but no elevated privileges to exploit. When successfully exploited, this flaw allows attackers to achieve complete compromise of system confidentiality, integrity, and availability with the same privileges as the user running the Management Console. Given that this vulnerability is being actively exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities catalog, immediate patching is essential to prevent unauthorized code execution and potential system compromise.

CVE-2024-43517

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A remote code execution vulnerability in Microsoft ActiveX Data Objects allows attackers to execute arbitrary code by tricking users into connecting to a malicious SQL database server through their SQL client application. The vulnerability can lead to complete system compromise with the same privileges as the authenticated victim, potentially exposing sensitive data, modifying system files, or disrupting system availability if the user has elevated permissions. Given the low attack complexity and high impact across confidentiality, integrity, and availability metrics, this vulnerability presents a significant risk despite requiring user interaction for successful exploitation.

CVE-2024-38265

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS 8.8CWE-122CWE-126CWE-20

A critical remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to send specially crafted protocol messages to the RRAS server, potentially gaining complete system control. The attack scenario requires an admin user to connect to a malicious server, which can then execute arbitrary commands on the client machine without consent, potentially leading to full system compromise including unauthorized access, data manipulation, and service disruption. This vulnerability poses a significant risk to enterprise environments due to RRAS's widespread use in remote access scenarios and the minimal requirements for exploitation.

CVE-2024-43468

Microsoft Configuration Manager Remote Code Execution Vulnerability

CVSS 9.8CWE-89

This critical SQL injection vulnerability in Microsoft Configuration Manager allows unauthenticated attackers to execute arbitrary code remotely through specially crafted network requests, requiring no user interaction or special privileges. The flaw enables complete system compromise, potentially granting attackers full control over the affected server and its underlying database, with severe impacts on system confidentiality, integrity, and availability. Given the network-based attack vector and low complexity of exploitation, this vulnerability poses an immediate risk to exposed Configuration Manager installations, particularly as it can be weaponized without user involvement.

CVE-2024-43488

<p>Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.</p>

CVSS 8.8CWE-306

A critical authentication bypass vulnerability in the deprecated Visual Studio Code extension for Arduino enables unauthenticated attackers to achieve remote code execution through network-based attacks, requiring no user interaction. This severe security flaw could lead to complete system compromise, allowing attackers to gain full control over affected systems with the ability to access sensitive data, modify system configurations, and disrupt operations. Given that Microsoft has deprecated this extension and will not be issuing patches, organizations should transition to the official Arduino IDE to eliminate this security risk.

CVE-2024-43453

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) enables remote code execution when an authenticated user connects to a malicious server, requiring no special privileges to exploit. The vulnerability allows attackers to execute arbitrary code with the same privileges as the logged-in user, potentially leading to unauthorized data access, system modification, and service disruption across multiple Windows Server versions. This serious security flaw represents a significant risk to enterprise networks given RRAS's widespread use in remote access scenarios and the low complexity of exploitation.

CVE-2024-43573

Windows MSHTML Platform Spoofing Vulnerability

CVSS 6.5CWE-79

Exploit

A critical spoofing vulnerability in the Windows MSHTML Platform enables cross-site scripting attacks through network-based vectors, requiring user interaction for exploitation. The flaw affects the platform used by Internet Explorer mode in Microsoft Edge and other applications through WebBrowser control, potentially allowing attackers to access sensitive information, hijack sessions, or conduct phishing attacks. This vulnerability is particularly concerning as it is being actively exploited in the wild and could enable attackers to present false information or impersonate trusted entities across multiple Windows versions.

CVE-2024-38124

Windows Netlogon Elevation of Privilege Vulnerability

CVSS 9CWE-287

A critical Windows Netlogon elevation of privilege vulnerability allows an authenticated attacker with LAN access to potentially gain domain administrator privileges by exploiting a flaw in domain controller name validation during secure channel establishment. The attack enables a scope change beyond the vulnerable component's security boundary, where an attacker can predict and impersonate a new domain controller's name, posing a severe risk of complete domain compromise through the manipulation of authentication mechanisms. This vulnerability is particularly dangerous as it requires minimal privileges to exploit, has no user interaction requirements, and could lead to a total breach of confidentiality, integrity, and availability across the entire domain infrastructure.

CVE-2024-38179

Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability

CVSS 8.8CWE-862

A local elevation of privilege vulnerability in Azure Stack Hyperconverged Infrastructure (HCI) allows attackers with basic user privileges to compromise unencrypted service principal for managed identities, enabling unauthorized service management operations in hybrid cloud environments. The attacker can gain the same privileges as the compromised managed identity, potentially leading to unauthorized access and control over resources the managed identity is permitted to manage. This vulnerability is particularly critical due to its ability to change scope, allowing an attacker to extend their reach beyond the initial compromise point and affect multiple resources within the hybrid cloud infrastructure.

CVE-2024-38212

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVSS 8.8CWE-122

A critical heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) enables unauthenticated attackers to achieve remote code execution through specially crafted protocol messages when users connect to a compromised server. The vulnerability allows attackers to execute arbitrary code with elevated privileges on the target system, potentially leading to full system compromise with the ability to view, modify, or delete data and create accounts with full user rights. Given the widespread deployment of RRAS in enterprise environments and the relatively low complexity of exploitation despite requiring user interaction, this vulnerability poses a significant risk to organizational security.

All vulnerabilities

CVE ID
CVSS Score
ProductTrend
Exploit
CVE-2024-49023Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 5.9-
CVE-2024-43616Microsoft Office Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+2 more

-
CVE-2024-43615Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVSS 7.1

windows

+10 more

-
CVE-2024-43614Microsoft Defender for Endpoint for Linux Spoofing Vulnerability
CVSS 5.5

defender_for_endpoint

-
CVE-2024-43612Power BI Report Server Spoofing Vulnerability
CVSS 6.9

power_bi_report_server

-
CVE-2024-43611Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43610<p>Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector</p>
CVSS 7.4--
CVE-2024-43609Microsoft Office Spoofing Vulnerability
CVSS 6.5

365_apps

+2 more

-
CVE-2024-43608Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43607Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43604Outlook for Android Elevation of Privilege Vulnerability
CVSS 5.7

outlook

-
CVE-2024-43603Visual Studio Collector Service Denial of Service Vulnerability
CVSS 5.5

visual_studio

+3 more

-
CVE-2024-43601Visual Studio Code for Linux Remote Code Execution Vulnerability
CVSS 7.8

visual_studio_code

-
CVE-2024-43599Remote Desktop Client Remote Code Execution Vulnerability
CVSS 8.8

remote_desktop

+15 more

-
CVE-2024-43596Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 6.5-
CVE-2024-43595Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 6.5-
CVE-2024-43593Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43592Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43591Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVSS 8.7

azure-cli

+2 more

-
CVE-2024-43590Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVSS 7.8

visual_c

+3 more

-
CVE-2024-43589Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43587Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 5.9-
CVE-2024-43585Code Integrity Guard Security Feature Bypass Vulnerability
CVSS 5.5

windows

+10 more

-
CVE-2024-43584Windows Scripting Engine Security Feature Bypass Vulnerability
CVSS 7.7

windows

+6 more

-
CVE-2024-43583Winlogon Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43582Remote Desktop Protocol Server Remote Code Execution Vulnerability
CVSS 8.1

remote_desktop_protocol

+10 more

-
CVE-2024-43581Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVSS 7.1

windows

+10 more

-
CVE-2024-43580Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 5.4-
CVE-2024-43579Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 7.6-
CVE-2024-43578Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 7.6-
CVE-2024-43577Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS 4.3

edge

-
CVE-2024-43576Microsoft Office Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+2 more

-
CVE-2024-43575Windows Hyper-V Denial of Service Vulnerability
CVSS 7.5

windows_server

+4 more

-
CVE-2024-43574Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
CVSS 8.3

remote

+8 more

-
CVE-2024-43573Windows MSHTML Platform Spoofing Vulnerability
CVSS 6.5

windows

+17 more

Oct 8, 2024
CVE-2024-43572Microsoft Management Console Remote Code Execution Vulnerability
CVSS 7.8

remote

+19 more

Oct 8, 2024
CVE-2024-43571Sudo for Windows Spoofing Vulnerability
CVSS 5.6

windows_11

+1 more

-
CVE-2024-43570Windows Kernel Elevation of Privilege Vulnerability
CVSS 6.4

windows

+15 more

-
CVE-2024-43567Windows Hyper-V Denial of Service Vulnerability
CVSS 7.5

windows_server_2012

+4 more

-
CVE-2024-43566Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS 7.5-
CVE-2024-43565Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS 7.5

windows

+13 more

-
CVE-2024-43564Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43563Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS 7.8

windows

+14 more

-
CVE-2024-43562Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVSS 7.5

windows

+13 more

-
CVE-2024-43561Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43560Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
CVSS 7.8

windows

+14 more

-
CVE-2024-43559Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43558Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43557Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43556Windows Graphics Component Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43555Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43554Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVSS 5.5

windows

+13 more

-
CVE-2024-43553NT OS Kernel Elevation of Privilege Vulnerability
CVSS 7.4

windows_10_1507

+15 more

-
CVE-2024-43552Windows Shell Remote Code Execution Vulnerability
CVSS 7.3

windows

+4 more

-
CVE-2024-43551Windows Storage Elevation of Privilege Vulnerability
CVSS 7.8

windows

+12 more

-
CVE-2024-43550Windows Secure Channel Spoofing Vulnerability
CVSS 7.4

windows

+14 more

-
CVE-2024-43549Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-43547Windows Kerberos Information Disclosure Vulnerability
CVSS 6.5

windows

+15 more

-
CVE-2024-43546Windows Cryptographic Information Disclosure Vulnerability
CVSS 5.6

windows

+8 more

-
CVE-2024-43545Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
CVSS 7.5

windows

+6 more

-
CVE-2024-43544Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVSS 7.5-
CVE-2024-43543Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43542Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43541Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVSS 7.5-
CVE-2024-43540Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43538Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43537Windows Mobile Broadband Driver Denial of Service Vulnerability
CVSS 6.5

windows_10_1809

+9 more

-
CVE-2024-43536Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43535Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS 7

windows

+15 more

-
CVE-2024-43534Windows Graphics Component Information Disclosure Vulnerability
CVSS 6.5

windows

+15 more

-
CVE-2024-43533Remote Desktop Client Remote Code Execution Vulnerability
CVSS 8.8

windows_11_21h2

+5 more

-
CVE-2024-43532Remote Registry Service Elevation of Privilege Vulnerability
CVSS 8.8

remote

+15 more

Oct 22, 2024
CVE-2024-43529Windows Print Spooler Elevation of Privilege Vulnerability
CVSS 7.3

windows

+8 more

-
CVE-2024-43528Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS 7.8

windows

+10 more

-
CVE-2024-43527Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8

access

+1 more

-
CVE-2024-43526Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43525Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43524Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43523Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVSS 6.8

windows_10_1809

+9 more

-
CVE-2024-43522Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVSS 7

windows

+2 more

-
CVE-2024-43521Windows Hyper-V Denial of Service Vulnerability
CVSS 7.5

windows_server_2012

+4 more

-
CVE-2024-43520Windows Kernel Denial of Service Vulnerability
CVSS 5

windows

+15 more

-
CVE-2024-43519Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVSS 8.8

windows_10_1507

+15 more

-
CVE-2024-43518Windows Telephony Server Remote Code Execution Vulnerability
CVSS 8.8

windows

+15 more

-
CVE-2024-43517Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVSS 8.8

activex

+15 more

-
CVE-2024-43516Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVSS 7.8

windows

+13 more

-
CVE-2024-43515Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
CVSS 7.5-
CVE-2024-43514Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVSS 7.8

windows

+14 more

-
CVE-2024-43513BitLocker Security Feature Bypass Vulnerability
CVSS 6.4

bitlocker

+14 more

-
CVE-2024-43512Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVSS 6.5

windows_server

+4 more

-
CVE-2024-43511Windows Kernel Elevation of Privilege Vulnerability
CVSS 7

windows

+13 more

-
CVE-2024-43509Windows Graphics Component Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43508Windows Graphics Component Information Disclosure Vulnerability
CVSS 5.5

windows_11_22h2

+3 more

-
CVE-2024-43506BranchCache Denial of Service Vulnerability
CVSS 7.5

windows

+15 more

-
CVE-2024-43505Microsoft Office Visio Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-43504Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8

365_apps

+3 more

-
CVE-2024-43503Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS 7.8

sharepoint_server

-
CVE-2024-43502Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.1

windows_10_1809

+3 more

-
CVE-2024-43501Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8

windows

+15 more

-
CVE-2024-43500Windows Resilient File System (ReFS) Information Disclosure Vulnerability
CVSS 5.5

windows

+4 more

-
CVE-2024-43497DeepSpeed Remote Code Execution Vulnerability
CVSS 8.4

deepspeed

+1 more

-
CVE-2024-43488<p>Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.</p>
CVSS 8.8

arduino

+1 more

-
CVE-2024-43485Microsoft is releasing this security advisory to provide information about a vulnerability in System.Text.Json 6.0.x and 8.0.x. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. In System.Text.Json 6.0.x and 8.0.x, applications which deserialize input to a model with an [ExtensionData] property can be vulnerable to an algorithmic complexity attack resulting in Denial of Service.
CVSS 7.5-
CVE-2024-43484Microsoft is releasing this security advisory to provide information about a vulnerability in System.IO.Packaging. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, leading to denial of service.
CVSS 7.5-
CVE-2024-43483Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, System.Runtime.Caching. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. System.Security.Cryptography.Cose, System.IO.Packaging, System.Runtime.Caching may be exposed to a hostile input which may lead them to be susceptible to hash flooding attacks resulting in denial of service.
CVSS 7.5-
CVE-2024-43481Power BI Report Server Spoofing Vulnerability
CVSS 6.5

power_bi_report_server

-
CVE-2024-43480Azure Service Fabric for Linux Remote Code Execution Vulnerability
CVSS 6.6

azure_service_fabric

-
CVE-2024-43468Microsoft Configuration Manager Remote Code Execution Vulnerability
CVSS 9.8

remote

-
CVE-2024-43456Windows Remote Desktop Services Tampering Vulnerability
CVSS 4.8

windows

+6 more

-
CVE-2024-43453Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-38265Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-38262Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVSS 7.5

windows

+6 more

-
CVE-2024-38261Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 7.8

windows

+6 more

-
CVE-2024-38229Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free. Note: HTTP/3 is experimental in .NET 6.0. If you are on .NET 6.0 and using HTTP/3, please upgrade to .NET 8.0.10. .NET 6.0 will not receive a security patch for this vulnerability.
CVSS 8.1-
CVE-2024-38212Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVSS 8.8

windows

+6 more

-
CVE-2024-38204<p>Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.</p>
CVSS 7.5

azure_functions

-
CVE-2024-38190<p>Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.</p>
CVSS 8.6

power_platform

-
CVE-2024-38179Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
CVSS 8.8

azure_stack

+1 more

-
CVE-2024-38149BranchCache Denial of Service Vulnerability
CVSS 7.5

windows

+15 more

-
CVE-2024-38139<p>Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.</p>
CVSS 8.7

dataverse

-
CVE-2024-38129Windows Kerberos Elevation of Privilege Vulnerability
CVSS 7.5

windows

+1 more

-
CVE-2024-38124Windows Netlogon Elevation of Privilege Vulnerability
CVSS 9

windows

+6 more

-
CVE-2024-38097Azure Monitor Agent Elevation of Privilege Vulnerability
CVSS 7.1

azure_monitor_agent

-
CVE-2024-38029Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVSS 7.5

windows

+1 more

-
CVE-2024-37983Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVSS 6.7

windows

+14 more

-
CVE-2024-37982Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVSS 6.7

windows

+14 more

-
CVE-2024-37979Windows Kernel Elevation of Privilege Vulnerability
CVSS 6.7

windows_server

+4 more

-
CVE-2024-37976Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVSS 6.7

windows

+14 more

-
CVE-2024-30092Windows Hyper-V Remote Code Execution Vulnerability
CVSS 8

windows

-
CVE-2024-20659Windows Hyper-V Security Feature Bypass Vulnerability
CVSS 7.1

windows

-