FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2024-38226

Protection Mechanism Failure (CWE-693)

Published: Sep 10, 2024

010
CVSS 7.3EPSS 0.14%High
CVE info copied to clipboard

Summary

Microsoft Publisher has a security feature bypass vulnerability. This vulnerability is categorized as HIGH severity with a CVSS v3.1 base score of 7.3. The attack vector is LOCAL, requires user interaction, and can be executed with low privileges. The vulnerability impacts confidentiality, integrity, and availability, all rated as HIGH.

Impact

If exploited, this vulnerability could allow an attacker to bypass security features in Microsoft Publisher. The attacker could potentially gain unauthorized access to sensitive information, modify data, or disrupt the availability of the system. Given the HIGH impact on confidentiality, integrity, and availability, successful exploitation could lead to significant compromise of the affected system's security. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list.

Exploitation

There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including anoopcnair.com.

Patch

A patch is available for this vulnerability. Microsoft released the patch on September 10, 2024.

Mitigation

1. Apply the security update provided by Microsoft as soon as possible. 2. Limit user privileges to reduce the impact of potential exploitation. 3. Implement the principle of least privilege for users who need to work with Microsoft Publisher. 4. Educate users about the risks of interacting with untrusted files or links, as the vulnerability requires user interaction. 5. Consider using application whitelisting or other security measures to prevent unauthorized execution of files. 6. Monitor systems for any suspicious activities that might indicate exploitation attempts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (110476)

Sep 10, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.3 has been assigned.

Sep 10, 2024 at 4:55 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-38226. See article

Sep 10, 2024 at 5:00 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 10, 2024 at 5:01 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Sep 10, 2024 at 5:06 PM
CVE Assignment

NVD published the first details for CVE-2024-38226

Sep 10, 2024 at 5:15 PM
Exploitation in the Wild

Attacks in the wild have been reported by HTMD Community Modern Device Management News & Guides. See article

Sep 10, 2024 at 6:05 PM / HTMD Community Modern Device Management News & Guides
Exploitation in the Wild

Attacks in the wild have been reported by CISA Known Exploited Vulnerability.

Sep 10, 2024 at 6:06 PM / CISA Known Exploited Vulnerability
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (206892)

Sep 10, 2024 at 11:17 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/office
+null more

Proof Of Exploit

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38226
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1574.010: Services File Permissions Weakness
+null more

Attack Patterns

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
+null more

References

September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Microsoft Security Response Center / 2mo
Windows TCP/IP CVE-2024-21416 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-26186 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-26191 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Security Zone Mapping CVE-2024-30073 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37335 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37337 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37338 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37339 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37340 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37341 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37342 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37965 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37966 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37980 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Installer CVE-2024-38014 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft Office SharePoint CVE-2024-38018 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows TCP/IP CVE-2024-38045 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows PowerShell CVE-2024-38046 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-38119 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Network Watcher CVE-2024-38188 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Web Apps CVE-2024-38194 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Stack CVE-2024-38216 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mark of the Web (MOTW) CVE-2024-38217 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C Exploitation Detected Yes No No Azure Stack CVE-2024-38220 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Dynamics Business Central CVE-2024-38225 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Publisher CVE-2024-38226 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft Office SharePoint CVE-2024-38227 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office SharePoint CVE-2024-38228 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Standards-Based Storage Management Service CVE-2024-38230 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Remote Desktop Licensing Service CVE-2024-38231 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Virtualization CVE-2024-38232 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Network Virtualization CVE-2024-38233 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Network Virtualization CVE-2024-38234 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-38235 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows DHCP Server CVE-2024-38236 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Streaming Service CVE-2024-38237 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38238 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Kerberos CVE-2024-38239 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Access Connection Manager CVE-2024-38240 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Streaming Service CVE-2024-38241 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38242 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38243 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38244 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38245 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Win32K - GRFX CVE-2024-38246 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Graphics Component CVE-2024-38247 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Storage CVE-2024-38248 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-38249 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Graphics Component CVE-2024-38250 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Win32K - ICOMP CVE-2024-38252 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Win32K - ICOMP CVE-2024-38253 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Authentication Methods CVE-2024-38254 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-38256 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows AllJoyn API CVE-2024-38257 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Management Console CVE-2024-38259 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38260 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38263 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-43454 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-43455 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Setup and Deployment CVE-2024-43457 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Network Virtualization CVE-2024-43458 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows MSHTML Platform CVE-2024-43461 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office Visio CVE-2024-43463 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office SharePoint CVE-2024-43464 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office Excel CVE-2024-43465 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office SharePoint CVE-2024-43466 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Remote Desktop Licensing Service CVE-2024-43467 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure CycleCloud CVE-2024-43469 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Network Watcher CVE-2024-43470 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-43474 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Admin Center CVE-2024-43475 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Dynamics 365 (on-premises) CVE-2024-43476 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power Automate CVE-2024-43479 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Outlook for iOS CVE-2024-43482 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mark of the Web (MOTW) CVE-2024-43487 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C Exploitation More Likely Yes No No Windows Update CVE-2024-43491 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft AutoUpdate (MAU) CVE-2024-43492 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Libarchive CVE-2024-43495 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft Publisher Security Feature Bypass Vulnerability
Microsoft Security Advisories - MSRC / 2mo
How could an attacker exploit this security feature bypass vulnerability? What kind of security feature could be bypassed by successfully exploiting this vulnerability?
CVE-2024-38226 – Microsoft Publisher Security Vulnerability – September 2024
TrueFort / 54d
Critical vulnerability (CVE-2024-38226) in Microsoft Publisher allows attackers to exploit file manipulation, resulting in potential privilege escalation or remote code execution. Users reliant on Publisher as part of their document and publication workflows are at heightened risk, as the vulnerability can be exploited via malicious files that bypass standard security controls.
See 3 more references

News

Peek into Monthly Vulnerabilities: October 2024
ThreatMon Blog / 7d
Impact : Exploiting this vulnerability can result in remote code execution, which can lead to full system compromise, data theft, or service disruption. Several key Common Vulnerabilities and Exposures (CVEs) were published during this month, which could potentially grant attackers easy access to target systems.
Amnesia Stealer
ThreatMon Blog / 22d
Impact : Exploiting this vulnerability can result in remote code execution, which can lead to full system compromise, data theft, or service disruption. Several key Common Vulnerabilities and Exposures (CVEs) were published during this month, which could potentially grant attackers easy access to target systems.
Snac Fediverse Instance
Welcome to snac.bsd.cafe / 46d
You can have an updated security advisory, as a treat: Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability CVE-2024-20381 (8.8 high, disclosed 11 September 2024) was updated for "Clarified affected products and vulnerable configuration." CVE-2024-43491 ( 9.8 critical ) Microsoft Windows Update Remote Code Execution Vulnerability (EXPLOITED)
Peek into Monthly Vulnerabilities: September 2024
ThreatMon Blog / 47d
Impact : Exploiting this vulnerability can result in remote code execution, which can lead to full system compromise, data theft, or service disruption. Several key Common Vulnerabilities and Exposures (CVEs) were published during this month, which could potentially grant attackers easy access to target systems.
September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs
Recent-Articles / 49d
Severity CVSS Score CVE Description Critical 9.8 CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability Microsoft Windows Update received a patch for CVE-2024-43491, which has a severity of Critical and a CVSS score of 9.8 .
See 216 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 7.3(51562)CWE-693(203)Microsoft(12100)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial