August 2024 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2024-Aug 2024-Aug Final 1.0 535 2026-05-22T01:43:33 August 2024 Security Updates 2024-08-13T07:00:00 2026-05-22T01:43:33 <h2 id="this-release-consists-of-the-following-90-microsoft-cves">This release consists of the following 90 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Windows Secure Kernel Mode</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21302">CVE-2024-21302</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kerberos</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-29995">CVE-2024-29995</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows DNS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37968">CVE-2024-37968</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38063">CVE-2024-38063</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38084">CVE-2024-38084</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38098">CVE-2024-38098</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Unlikely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38106">CVE-2024-38106</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Power Dependency Coordinator</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38107">CVE-2024-38107</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38108">CVE-2024-38108</a></td> <td>9.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Health Bot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38109">CVE-2024-38109</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows IP Routing Management Snapin</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38114">CVE-2024-38114</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows IP Routing Management Snapin</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38115">CVE-2024-38115</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows IP Routing Management Snapin</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38116">CVE-2024-38116</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTFS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38117">CVE-2024-38117</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Local Security Authority Server (lsasrv)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38118">CVE-2024-38118</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38120">CVE-2024-38120</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38121">CVE-2024-38121</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Local Security Authority Server (lsasrv)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38122">CVE-2024-38122</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Bluetooth Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38123">CVE-2024-38123</a></td> <td>4.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38125">CVE-2024-38125</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Network Address Translation (NAT)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38126">CVE-2024-38126</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38127">CVE-2024-38127</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38128">CVE-2024-38128</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38130">CVE-2024-38130</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Clipboard Virtual Channel Extension</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38131">CVE-2024-38131</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Network Address Translation (NAT)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38132">CVE-2024-38132</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38133">CVE-2024-38133</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38134">CVE-2024-38134</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NT OS Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38135">CVE-2024-38135</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resource Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38136">CVE-2024-38136</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Resource Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38137">CVE-2024-38137</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Deployment Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38138">CVE-2024-38138</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Reliable Multicast Transport Driver (RMCAST)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38140">CVE-2024-38140</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38141">CVE-2024-38141</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Kernel Mode</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38142">CVE-2024-38142</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows WLAN Auto Config Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38143">CVE-2024-38143</a></td> <td>4.2</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38144">CVE-2024-38144</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer-2 Bridge Network Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38145">CVE-2024-38145</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Layer-2 Bridge Network Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38146">CVE-2024-38146</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38147">CVE-2024-38147</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Transport Security Layer (TLS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38148">CVE-2024-38148</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DWM Core Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38150">CVE-2024-38150</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38151">CVE-2024-38151</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WDAC OLE DB provider for SQL</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38152">CVE-2024-38152</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38153">CVE-2024-38153</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38154">CVE-2024-38154</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Security Center</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38155">CVE-2024-38155</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure IoT SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38157">CVE-2024-38157</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure IoT SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38158">CVE-2024-38158</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Network Virtualization</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38159">CVE-2024-38159</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Network Virtualization</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38160">CVE-2024-38160</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Mobile Broadband</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38161">CVE-2024-38161</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Connected Machine Agent</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38162">CVE-2024-38162</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38163">CVE-2024-38163</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Compressed Folder</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38165">CVE-2024-38165</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38166">CVE-2024-38166</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38167">CVE-2024-38167</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38168">CVE-2024-38168</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Visio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38169">CVE-2024-38169</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38170">CVE-2024-38170</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office PowerPoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38171">CVE-2024-38171</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Excel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38172">CVE-2024-38172</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38173">CVE-2024-38173</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows App Installer</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38177">CVE-2024-38177</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Scripting</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38178">CVE-2024-38178</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows SmartScreen</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38180">CVE-2024-38180</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38184">CVE-2024-38184</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38185">CVE-2024-38185</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38186">CVE-2024-38186</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38187">CVE-2024-38187</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Project</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38189">CVE-2024-38189</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38191">CVE-2024-38191</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Ancillary Function Driver for WinSock</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38193">CVE-2024-38193</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure CycleCloud</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38195">CVE-2024-38195</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Common Log File System Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38196">CVE-2024-38196</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Teams</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38197">CVE-2024-38197</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Print Spooler Components</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38198">CVE-2024-38198</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Line Printer Daemon Service (LPD)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38199">CVE-2024-38199</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38200">CVE-2024-38200</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Azure Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38201">CVE-2024-38201</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Update Stack</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38202">CVE-2024-38202</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Copilot Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38206">CVE-2024-38206</a></td> <td>8.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38211">CVE-2024-38211</a></td> <td>8.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Mark of the Web (MOTW)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38213">CVE-2024-38213</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Routing and Remote Access Service (RRAS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38214">CVE-2024-38214</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cloud Files Mini Filter Driver</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38215">CVE-2024-38215</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38218">CVE-2024-38218</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38219">CVE-2024-38219</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Initial Machine Configuration</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38223">CVE-2024-38223</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-12-non-microsoft-cves">We are republishing 12 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>Red Hat, Inc.</td> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-2601">CVE-2022-2601</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Red Hat, Inc.</td> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3775">CVE-2022-3775</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Red Hat, Inc.</td> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-40547">CVE-2023-40547</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6990">CVE-2024-6990</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7255">CVE-2024-7255</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7256">CVE-2024-7256</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7532">CVE-2024-7532</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7533">CVE-2024-7533</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7534">CVE-2024-7534</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7535">CVE-2024-7535</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7536">CVE-2024-7536</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7550">CVE-2024-7550</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5041160">5041160</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041571">5041571</a></td> <td>Windows 11 version 24H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041578">5041578</a></td> <td>Windows 10, version 1809, Windows Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041580">5041580</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041592">5041592</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041773">5041773</a></td> <td>Windows 10, version 1607, Windows Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041828">5041828</a></td> <td>Windows Server 2012 R2 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041847">5041847</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041850">5041850</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5041851">5041851</a></td> <td>Windows Server 2012 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Edge (Chromium-based) Microsoft Edge for Android Azure Linux 3.0 ARM Azure Linux 3.0 x64 CBL Mariner 1.0 ARM CBL Mariner 1.0 x64 CBL Mariner 2.0 ARM CBL Mariner 2.0 x64 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.43.1-7 on Azure Linux 3.0 azl3 kernel 6.6.35.1-5 on Azure Linux 3.0 Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Remote Desktop client for Windows Desktop Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Azure Stack Hub Microsoft Entra ID Azure Connected Machine Agent Azure CycleCloud 8.2.0 Azure CycleCloud 8.0.0 Azure CycleCloud 8.6.0 Azure CycleCloud 8.0.1 Azure CycleCloud 8.0.2 Azure CycleCloud 8.1.0 Azure CycleCloud 8.1.1 Azure CycleCloud 8.2.2 Azure CycleCloud 8.2.1 Azure CycleCloud 8.3.0 Azure CycleCloud 8.4.0 Azure CycleCloud 8.4.1 Azure CycleCloud 8.4.2 Azure CycleCloud 8.5.0 Azure CycleCloud 8.6.2 Azure CycleCloud 8.6.1 Azure Health Bot Azure Managed Instance for Apache Cassandra Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.8 .NET 8.0 Microsoft Visual Studio 2022 version 17.6 Azure IoT Hub Device Client SDK C SDK for Azure IoT Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC for Mac 2021 Microsoft Teams for iOS Microsoft OfficePLUS Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Project 2016 (32-bit edition) Microsoft Project 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Copilot Studio App Installer Microsoft Dynamics 365 (on-premises) version 9.1 Dynamics CRM Service Portal Web Resource cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft PowerPoint 2016 (32-bit edition) Microsoft PowerPoint 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Project 2016 (32-bit edition) Microsoft Project 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) C SDK for Azure IoT Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Azure IoT Hub Device Client SDK Microsoft Edge (Chromium-based) Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Edge for Android Remote Desktop client for Windows Desktop Microsoft Teams for iOS Azure CycleCloud 8.2.0 Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Azure Stack Hub Microsoft Office LTSC for Mac 2021 Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions App Installer Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure CycleCloud 8.0.0 CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft Visual Studio 2022 version 17.6 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) .NET 8.0 Azure Connected Machine Agent Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Azure CycleCloud 8.6.0 Microsoft OfficePLUS Azure Linux 3.0 x64 Azure Linux 3.0 ARM Azure CycleCloud 8.0.1 Azure CycleCloud 8.0.2 Azure CycleCloud 8.1.0 Azure CycleCloud 8.1.1 Azure CycleCloud 8.2.2 Azure CycleCloud 8.2.1 Azure CycleCloud 8.3.0 Azure CycleCloud 8.4.0 Azure CycleCloud 8.4.1 Azure CycleCloud 8.4.2 Azure CycleCloud 8.5.0 Microsoft Entra ID Azure Managed Instance for Apache Cassandra Dynamics CRM Service Portal Web Resource Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Azure CycleCloud 8.6.2 Azure CycleCloud 8.6.1 Microsoft Copilot Studio Azure Health Bot cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 cmake 3.21.4-17 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 kernel 5.15.167.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-5 on CBL Mariner 2.0 cbl2 expat 2.6.3-1 on CBL Mariner 2.0 cbl2 libpcap 1.10.1-3 on CBL Mariner 2.0 cbl2 mariadb 10.6.9-4 on CBL Mariner 2.0 cbl2 rust 1.72.0-9 on CBL Mariner 2.0 cbl2 vim 9.1.0697-1 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 frr 8.5.5-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-4 on CBL Mariner 2.0 cbl2 vim 9.0.2121-3 on CBL Mariner 2.0 cbl2 python-webob 1.8.8-1 on CBL Mariner 2.0 cbl2 nginx 1.22.1-12 on CBL Mariner 2.0 cbl2 unbound 1.19.1-2 on CBL Mariner 2.0 cbl2 libtiff 4.6.0-3 on CBL Mariner 2.0 cbl2 postgresql 14.13-1 on CBL Mariner 2.0 cbl2 reaper 3.1.1-11 on CBL Mariner 2.0 cbl2 rubygem-rexml 3.2.7-2 on CBL Mariner 2.0 cbl2 vim 9.0.2121-4 on CBL Mariner 2.0 cbl2 python3 3.9.19-8 on CBL Mariner 2.0 cbl2 ruby 3.1.4-7 on CBL Mariner 2.0 cbl2 expat 2.6.2-2 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 cmake 3.30.3-6 on Azure Linux 3.0 azl3 kernel 6.6.64.2-9 on Azure Linux 3.0 azl3 tensorflow 2.16.1-7 on Azure Linux 3.0 azl3 python3 3.12.3-5 on Azure Linux 3.0 azl3 grpc 1.62.0-4 on Azure Linux 3.0 azl3 ruby 3.3.5-1 on Azure Linux 3.0 azl3 kernel 6.6.51.1-5 on Azure Linux 3.0 azl3 unbound 1.19.1-4 on Azure Linux 3.0 azl3 kernel 6.6.51.1-1 on Azure Linux 3.0 azl3 python3 3.12.3-4 on Azure Linux 3.0 azl3 expat 2.6.3-1 on Azure Linux 3.0 azl3 nmap 7.95-2 on Azure Linux 3.0 azl3 libpcap 1.10.5-1 on Azure Linux 3.0 azl3 mariadb 10.6.9-6 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-3 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl4-1 on Azure Linux 3.0 azl3 kata-containers-cc 3.2.0.azl4-1 on Azure Linux 3.0 azl3 flux 0.194.5-2 on Azure Linux 3.0 azl3 virtiofsd 1.8.0-3 on Azure Linux 3.0 azl3 vim 9.1.0697-1 on Azure Linux 3.0 azl3 kernel 6.6.47.1-1 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.9-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-6 on Azure Linux 3.0 azl3 python3 3.12.3-2 on Azure Linux 3.0 azl3 frr 9.1.1-2 on Azure Linux 3.0 azl3 python-webob 1.8.8-1 on Azure Linux 3.0 azl3 vim 9.0.2190-5 on Azure Linux 3.0 azl3 nginx 1.25.4-2 on Azure Linux 3.0 azl3 unbound 1.19.1-2 on Azure Linux 3.0 azl3 libtiff 4.6.0-4 on Azure Linux 3.0 azl3 kernel 6.6.43.1-7 on Azure Linux 3.0 azl3 postgresql 16.4-1 on Azure Linux 3.0 azl3 grpc 1.62.3-1 on Azure Linux 3.0 azl3 libnbd 1.18.3-3 on Azure Linux 3.0 azl3 vim 9.0.2190-4 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 python3 3.12.3-3 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.4-1 on Azure Linux 3.0 azl3 ruby 3.3.3-2 on Azure Linux 3.0 azl3 kernel 6.6.35.1-5 on Azure Linux 3.0 azl3 rubygem-rexml 3.2.8-1 on Azure Linux 3.0 azl3 postgresql 16.3-1 on Azure Linux 3.0 azl3 expat 2.6.2-1 on Azure Linux 3.0 cbl2 grpc 1.42.0-11 on CBL Mariner 2.0 cbl2 apr 1.7.5-1 on CBL Mariner 2.0 azl3 apr 1.7.5-1 on Azure Linux 3.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 azl3 libtiff 4.6.0-6 on Azure Linux 3.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 vim 9.1.0791-4 on Azure Linux 3.0 azl3 wpa_supplicant 2.10-3 on Azure Linux 3.0 azl3 wireshark 4.4.7-1 on Azure Linux 3.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-13 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 cbl2 kata-containers 3.2.0.azl2-6 on CBL Mariner 2.0 cbl2 virtiofsd 1.8.0-3 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 ruby 3.1.4-9 on CBL Mariner 2.0 cbl2 rubygem-rexml 3.2.7-4 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 vim 9.1.0791-4 on CBL Mariner 2.0 cbl2 cmake 3.21.4-17 on CBL Mariner 2.0 cbl2 vim 9.0.2121-5 on CBL Mariner 2.0 cbl2 unbound 1.19.1-3 on CBL Mariner 2.0 azl3 vim 9.0.2190-6 on Azure Linux 3.0 cbl2 libtiff 4.6.0-6 on CBL Mariner 2.0 cbl2 reaper 3.1.1-18 on CBL Mariner 2.0 azl3 nginx 1.25.4-4 on Azure Linux 3.0 cbl2 libnbd 1.12.1-4 on CBL Mariner 2.0 cbl2 grpc 1.42.0-11 on CBL Mariner 2.0 cbl2 wpa_supplicant 2.10-3 on CBL Mariner 2.0 azl3 kata-containers-cc 3.2.0.azl3-1 on Azure Linux 3.0 azl3 kata-containers 3.2.0.azl3-2 on Azure Linux 3.0 cbl2 rubygem-rexml 3.2.9-1 on CBL Mariner 2.0 azl3 qemu 8.2.0-17 on Azure Linux 3.0 cbl2 postgresql 14.12-1 on CBL Mariner 2.0 azl3 apr 1.7.4-1 on Azure Linux 3.0 cbl2 apr 1.7.2-2 on CBL Mariner 2.0 cbl2 cloud-hypervisor 32.0-7 on CBL Mariner 2.0 cbl2 kata-containers-cc 3.2.0.azl2-7 on CBL Mariner 2.0 azl3 flux 0.194.5-4 on Azure Linux 3.0 cbl2 nginx 1.22.1-13 on CBL Mariner 2.0 cbl2 expat 2.6.2-2 on CBL Mariner 2.0 azl3 libpcap 1.10.4-1 on Azure Linux 3.0 cbl2 libpcap 1.10.1-4 on CBL Mariner 2.0 cbl2 nmap 7.93-3 on CBL Mariner 2.0 azl3 python-webob 1.8.7-1 on Azure Linux 3.0 cbl2 python-webob 1.8.7-1 on CBL Mariner 2.0 cbl2 frr 8.5.5-2 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 cbl2 qemu 6.2.0-25 on CBL Mariner 2.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Vim double free in src/alloc.c:616 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41957 Double Free 17265-16823 17666-17084 19763-17086 19769-17084 17265-16823 17666-17084 19763-17086 19769-17084 Moderate 17265-16823 Moderate 17666-17084 Moderate 19763-17086 Moderate 19769-17084 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 17265-16823 5.3 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 17666-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19763-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19769-17084 CBL-Mariner Releases 17265-16823 19763-17086 No Security Update 9.0.2121-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17265-16823 19763-17086 CBL-Mariner Releases CBL-Mariner Releases 17666-17084 19769-17084 No Security Update 9.0.2190-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17666-17084 19769-17084 CBL-Mariner Releases 1.2 2026-02-19T01:07:18 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> libceph: fix race between delayed_work() and ceph_monc_stop() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42232 Use After Free 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 Moderate 17250-16823 Moderate 17661-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:19:15 <p>Information published.</p> firmware: cs_dsp: Return error if block header overflows file <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42238 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:14:43 <p>Information published.</p> mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42243 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:16:33 <p>Information published.</p> Revert "sched/fair: Make sure to try to detach at least one movable task" <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42245 Improper Locking 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:17:57 <p>Information published.</p> wireguard: allowedips: avoid unaligned 64-bit memory accesses <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42247 Allocation of Resources Without Limits or Throttling 17250-16823 17661-17084 17233-17086 17671-17084 19731-17086 17250-16823 17661-17084 17233-17086 17671-17084 19731-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17233-17086 Moderate 17671-17084 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 CBL-Mariner Releases 17250-16823 17233-17086 19731-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 17233-17086 19731-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:15:55 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> drm/i915/gem: Fix Virtual Memory mapping boundaries calculation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42259 Incorrect Calculation of Buffer Size 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T02:32:14 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42269 NULL Pointer Dereference 17207-16823 17651-17084 19682-17086 18490-17086 17661-17084 17207-16823 17651-17084 19682-17086 18490-17086 17661-17084 Moderate 17207-16823 Moderate 17651-17084 19682-17086 Moderate 18490-17086 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17207-16823 19682-17086 18490-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T14:42:32 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> net/iucv: fix use after free in iucv_sock_close() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42271 Use After Free 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 Important 17207-16823 Important 17651-17084 Important 17661-17084 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:25:13 <p>Information published.</p> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42277 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:17:03 <p>Information published.</p> net: nexthop: Initialize all fields in dumped nexthops <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42283 Use of Uninitialized Resource 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 Moderate 17207-16823 Moderate 17651-17084 19670-17086 Moderate 17661-17084 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:24:47 <p>Information published.</p> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42285 Use After Free 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 Important 17207-16823 Important 17651-17084 Important 17661-17084 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T14:46:05 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> scsi: qla2xxx: During vport delete send async logout explicitly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42289 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:14:36 <p>Information published.</p> f2fs: fix to don't dirty inode for readonly filesystem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42297 17207-16823 19673-17086 17095-17086 17207-16823 19673-17086 17095-17086 Moderate 17207-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.1 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:53:37 <p>Information published.</p> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42302 Use After Free 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 Important 17207-16823 Important 17651-17084 Important 17661-17084 Important 17250-17086 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:03:26 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42311 Use of Uninitialized Resource 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T00:54:03 <p>Information published.</p> mm/mglru: fix div-by-zero in vmpressure_calc_level() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42316 Divide By Zero 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:09:16 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-42459 Improper Verification of Cryptographic Signature 17261-16823 19820-17086 17261-16823 19820-17086 Moderate 17261-16823 Moderate 19820-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17261-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19820-17086 CBL-Mariner Releases 17261-16823 19820-17086 No Security Update 3.1.1-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17261-16823 19820-17086 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:10:50 <p>Information published.</p> In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because BER-encoded signatures are allowed. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-42461 Improper Verification of Cryptographic Signature 17261-16823 19820-17086 17261-16823 19820-17086 Critical 17261-16823 Critical 19820-17086 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 17261-16823 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 19820-17086 CBL-Mariner Releases 17261-16823 19820-17086 No Security Update 3.1.1-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17261-16823 19820-17086 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:11:01 <p>Information published.</p> Unbound: null pointer dereference in unbound <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-43167 NULL Pointer Dereference 17617-17084 19765-17086 17617-17084 19765-17086 Low 17617-17084 Low 19765-17086 2.8 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 17617-17084 2.8 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 19765-17086 CBL-Mariner Releases 17617-17084 No Security Update 1.19.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17617-17084 CBL-Mariner Releases CBL-Mariner Releases 19765-17086 No Security Update 1.19.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19765-17086 CBL-Mariner Releases 1.1 2024-11-09T00:00:00 <p>Added unbound to Azure Linux 3.0 Added unbound to CBL-Mariner 2.0</p> 1.0 2024-10-10T00:00:00 <p>Information published.</p> 1.2 2026-02-19T01:23:55 <p>Information published.</p> Vim heap-use-after-free in src/arglist.c:207 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-43374 Use After Free 17253-16823 17657-17084 19769-17084 19763-17086 17253-16823 17657-17084 19769-17084 19763-17086 Moderate 17253-16823 Moderate 17657-17084 Moderate 19769-17084 Moderate 19763-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 17253-16823 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 17657-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19769-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19763-17086 CBL-Mariner Releases 17253-16823 19763-17086 No Security Update 9.0.2121-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17253-16823 19763-17086 CBL-Mariner Releases CBL-Mariner Releases 17657-17084 19769-17084 No Security Update 9.0.2190-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17657-17084 19769-17084 CBL-Mariner Releases 1.3 2026-02-18T14:44:22 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2024-12-03T00:00:00 <p>Added vim to CBL-Mariner 2.0 Added vim to Azure Linux 3.0</p> heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-43802 Heap-based Buffer Overflow 17249-16823 17650-17084 19268-17084 19744-17086 17249-16823 17650-17084 19268-17084 19744-17086 Moderate 17249-16823 Moderate 17650-17084 Moderate 19268-17084 Moderate 19744-17086 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 17249-16823 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 17650-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19268-17084 4.5 4.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 19744-17086 CBL-Mariner Releases 17249-16823 17650-17084 No Security Update 9.1.0697-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17249-16823 17650-17084 CBL-Mariner Releases CBL-Mariner Releases 19268-17084 19744-17086 No Security Update 9.1.1164-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19268-17084 19744-17086 CBL-Mariner Releases 1.1 2024-10-24T00:00:00 <p>Added vim to Azure Linux 3.0 Added vim to CBL-Mariner 2.0</p> 1.2 2025-03-11T00:00:00 <p>Added vim to Azure Linux 3.0 Added vim to CBL-Mariner 2.0</p> 1.5 2026-02-18T15:15:03 <p>Information published.</p> 1.0 2024-10-18T00:00:00 <p>Information published.</p> 1.3 2025-03-12T00:00:00 <p>Added vim to CBL-Mariner 2.0 Added vim to Azure Linux 3.0</p> 1.4 2025-03-14T00:00:00 <p>Added vim to Azure Linux 3.0 Added vim to CBL-Mariner 2.0</p> ext4: fix infinite loop when replaying fast_commit <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43828 Loop with Unreachable Exit Condition ('Infinite Loop') 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 Moderate 17207-16823 Moderate 17651-17084 19670-17086 Moderate 17661-17084 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:58:23 <p>Information published.</p> media: v4l: async: Fix NULL pointer dereference in adding ancillary links <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43833 NULL Pointer Dereference 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:08:53 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> cgroup/cpuset: Prevent UAF in proc_cpuset_show() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43853 Use After Free 17207-16823 17651-17084 17661-17084 19682-17086 18490-17086 17207-16823 17651-17084 17661-17084 19682-17086 18490-17086 Moderate 17207-16823 Moderate 17651-17084 Moderate 17661-17084 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17207-16823 19682-17086 18490-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T14:59:46 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> md: fix deadlock between mddev_suspend and flush bio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43855 NULL Pointer Dereference 17207-16823 17651-17084 19682-17086 17661-17084 18490-17086 17207-16823 17651-17084 19682-17086 17661-17084 18490-17086 Moderate 17207-16823 Moderate 17651-17084 19682-17086 Moderate 17661-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17207-16823 19682-17086 18490-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:04:30 <p>Information published.</p> jfs: Fix array-index-out-of-bounds in diFree <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43858 Improper Validation of Array Index 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 Important 17207-16823 Important 17651-17084 Important 17661-17084 Important 17250-17086 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:00:59 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> remoteproc: imx_rproc: Skip over memory region when node value is NULL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43860 NULL Pointer Dereference 17207-16823 17651-17084 19670-17086 17250-17086 17661-17084 17207-16823 17651-17084 19670-17086 17250-17086 17661-17084 Moderate 17207-16823 Moderate 17651-17084 19670-17086 Moderate 17250-17086 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:05:32 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> vhost/vsock: always initialize seqpacket_allow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43873 Missing Initialization of Resource 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Important 17207-16823 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:02:41 <p>Information published.</p> Bluetooth: MGMT: Add error handling to pair_device() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43884 NULL Pointer Dereference 17207-16823 17610-17084 19529-17084 17095-17086 19673-17086 17207-16823 17610-17084 19529-17084 17095-17086 19673-17086 Moderate 17207-16823 Moderate 17610-17084 Moderate 19529-17084 Moderate 17095-17086 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17610-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17207-16823 17095-17086 19673-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17610-17084 19529-17084 No Security Update 6.6.51.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17610-17084 19529-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:13:41 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> tracing: Fix overflow in get_free_elt() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43890 Integer Overflow or Wraparound 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T01:15:58 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> memcg: protect concurrent access to mem_cgroup_idr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43892 17207-16823 19673-17086 17095-17086 17207-16823 19673-17086 17095-17086 Moderate 17207-16823 19673-17086 Moderate 17095-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 1.1 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-18T01:25:24 <p>Information published.</p> drm/client: fix null pointer dereference in drm_client_modeset_probe <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43894 NULL Pointer Dereference 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:10:24 <p>Information published.</p> drm/amd/display: Add null checker before passing variables <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43902 NULL Pointer Dereference 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T15:15:15 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43907 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T15:15:30 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> md/raid5: avoid BUG_ON() while continue reshape after reassembling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43914 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:15:16 <p>Information published.</p> sctp: Fix null-ptr-deref in reuseport_add_sock(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44935 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T15:15:37 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> kcm: Serialise kcm_sendmsg() for the same socket. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44946 Use After Free 17207-16823 17631-17084 17651-17084 19673-17086 17095-17086 17207-16823 17631-17084 17651-17084 19673-17086 17095-17086 Moderate 17207-16823 Moderate 17631-17084 Moderate 17651-17084 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17631-17084 17651-17084 No Security Update 6.6.51.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17631-17084 17651-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-18T01:09:40 <p>Information published.</p> An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-45490 Improper Restriction of XML External Entity Reference 17243-16823 17641-17084 17783-17084 20147-17086 17545-17084 19756-17086 17399-17086 17098-17086 17464-17084 19681-17086 17243-16823 17641-17084 17783-17084 20147-17086 17545-17084 19756-17086 17399-17086 17098-17086 17464-17084 19681-17086 Important 17243-16823 Important 17641-17084 Important 17783-17084 20147-17086 Important 17545-17084 19756-17086 Important 17399-17086 Important 17098-17086 Important 17464-17084 Important 19681-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17243-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17641-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17783-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20147-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17545-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19756-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17399-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17098-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17464-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19681-17086 CBL-Mariner Releases 17243-16823 17641-17084 17783-17084 20147-17086 17399-17086 No Security Update 2.6.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17243-16823 17641-17084 17783-17084 20147-17086 17399-17086 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 1.3 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:17:40 <p>Information published.</p> 1.0 2024-09-13T00:00:00 <p>Information published.</p> 1.2 2024-10-18T00:00:00 <p>Added expat to CBL-Mariner 2.0 Added expat to Azure Linux 3.0</p> Libtiff: null pointer dereference in tif_dirinfo.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-7006 NULL Pointer Dereference 17258-16823 17660-17084 19773-17086 18229-17084 18228-17086 17258-16823 17660-17084 19773-17086 18229-17084 18228-17086 Important 17258-16823 Important 17660-17084 19773-17086 Important 18229-17084 Important 18228-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17258-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17660-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19773-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18229-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18228-17086 CBL-Mariner Releases 17258-16823 19773-17086 18228-17086 No Security Update 4.6.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17258-16823 19773-17086 18228-17086 CBL-Mariner Releases CBL-Mariner Releases 17660-17084 18229-17084 No Security Update 4.6.0-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17660-17084 18229-17084 CBL-Mariner Releases 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> 2.6 2024-12-03T00:00:00 <p>Added libtiff to CBL-Mariner 2.0 Added libtiff to Azure Linux 3.0</p> 3.0 2026-02-19T01:23:45 <p>Information published.</p> Libnbd: nbd server improper certificate validation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-7383 Improper Certificate Validation 17665-17084 19866-17086 17665-17084 19866-17086 Moderate 17665-17084 Moderate 19866-17086 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 17665-17084 6.5 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:R 19866-17086 CBL-Mariner Releases 17665-17084 No Security Update 1.18.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17665-17084 CBL-Mariner Releases CBL-Mariner Releases 19866-17086 No Security Update 1.12.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19866-17086 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.5 2024-10-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.6 2024-10-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.7 2024-10-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.0 2024-10-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.1 2024-10-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.2 2024-10-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.4 2024-10-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.6 2024-10-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.0 2024-11-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.1 2024-11-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.4 2024-11-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.5 2024-11-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.6 2024-11-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.8 2024-11-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.9 2024-11-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.0 2024-11-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.5 2024-11-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.7 2024-11-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.9 2024-11-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.0 2024-11-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.3 2024-11-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.4 2024-11-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.6 2024-12-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.8 2024-12-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.9 2024-12-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.1 2024-12-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.4 2024-12-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.0 2024-12-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.1 2024-12-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.2 2024-12-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.3 2024-12-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.4 2024-12-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.5 2024-12-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.6 2024-12-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.7 2024-12-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.9 2024-12-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.4 2024-12-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.5 2024-12-31T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.0 2025-01-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.1 2025-01-06T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.4 2025-01-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.5 2025-01-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.8 2025-01-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.9 2025-01-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.0 2025-01-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.1 2025-01-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.6 2025-01-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.7 2025-01-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.8 2025-01-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.0 2025-01-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.3 2025-01-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.4 2025-02-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.8 2025-02-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.9 2025-02-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.0 2025-02-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.4 2025-02-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.9 2025-02-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.0 2025-02-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.2 2025-02-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.3 2025-02-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.6 2025-02-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.8 2025-02-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.9 2025-02-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.2 2025-03-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.3 2025-03-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.5 2025-03-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.6 2025-03-06T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.0 2025-03-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.1 2025-03-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.9 2025-03-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.0 2025-03-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.1 2025-03-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.2 2025-03-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.5 2025-03-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.6 2025-03-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.7 2025-03-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.8 2025-03-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.9 2025-03-31T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.0 2025-04-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.3 2025-04-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.7 2025-04-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.8 2025-04-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.0 2025-04-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.5 2025-04-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.1 2025-04-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.3 2025-04-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.6 2025-04-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.9 2025-05-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.1 2025-05-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.2 2025-05-06T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.3 2025-05-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.7 2025-05-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.8 2025-05-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.0 2025-05-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.2 2025-05-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.3 2025-05-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.4 2025-05-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.6 2025-05-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.7 2025-05-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.8 2025-05-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 22.0 2025-05-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 22.2 2025-05-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 22.3 2025-05-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 22.4 2026-02-19T01:11:19 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2024-10-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.3 2024-10-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.4 2024-10-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.8 2024-10-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 1.9 2024-10-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.3 2024-10-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.5 2024-10-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.7 2024-10-31T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.8 2024-11-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 2.9 2024-11-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.2 2024-11-06T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.3 2024-11-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 3.7 2024-11-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.1 2024-11-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.2 2024-11-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.3 2024-11-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.4 2024-11-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.6 2024-11-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 4.8 2024-11-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.1 2024-11-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.2 2024-11-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.5 2024-11-30T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 5.7 2024-12-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.0 2024-12-05T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.2 2024-12-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.3 2024-12-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.5 2024-12-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.6 2024-12-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.7 2024-12-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.8 2024-12-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 6.9 2024-12-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 7.8 2024-12-24T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.0 2024-12-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.1 2024-12-27T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.2 2024-12-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.3 2024-12-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.6 2025-01-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.7 2025-01-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.8 2025-01-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 8.9 2025-01-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.2 2025-01-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.3 2025-01-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.6 2025-01-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 9.7 2025-01-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.2 2025-01-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.3 2025-01-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.4 2025-01-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.5 2025-01-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 10.9 2025-01-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.1 2025-01-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.2 2025-01-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.5 2025-02-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.6 2025-02-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 11.7 2025-02-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.1 2025-02-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.2 2025-02-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.3 2025-02-11T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.5 2025-02-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.6 2025-02-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.7 2025-02-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 12.8 2025-02-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.1 2025-02-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.4 2025-02-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.5 2025-02-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 13.7 2025-02-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.0 2025-02-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.1 2025-03-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.4 2025-03-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.7 2025-03-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.8 2025-03-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 14.9 2025-03-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.2 2025-03-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.3 2025-03-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.4 2025-03-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.5 2025-03-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.6 2025-03-18T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.7 2025-03-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 15.8 2025-03-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.3 2025-03-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 16.4 2025-03-26T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.1 2025-04-03T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.2 2025-04-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.4 2025-04-06T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.5 2025-04-07T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.6 2025-04-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 17.9 2025-04-12T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.1 2025-04-14T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.2 2025-04-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.3 2025-04-16T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.4 2025-04-17T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.6 2025-04-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.7 2025-04-20T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.8 2025-04-21T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 18.9 2025-04-22T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.0 2025-04-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.2 2025-04-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.4 2025-04-28T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.5 2025-04-29T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.7 2025-05-01T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 19.8 2025-05-02T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.0 2025-05-04T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.4 2025-05-08T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.5 2025-05-09T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.6 2025-05-10T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 20.9 2025-05-13T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.1 2025-05-15T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.5 2025-05-19T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 21.9 2025-05-23T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> 22.1 2025-05-25T00:00:00 <p>Added libnbd to CBL-Mariner 2.0</p> Quadratic complexity parsing cookies with backslashes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2024-7592 Inefficient Regular Expression Complexity 17252-16823 17653-17084 17654-17084 19681-17086 17545-17084 17667-17084 17252-16823 17653-17084 17654-17084 19681-17086 17545-17084 17667-17084 Important 17252-16823 Important 17653-17084 Important 17654-17084 Important 19681-17086 Important 17545-17084 Important 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17252-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17653-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17654-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19681-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17545-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 CBL-Mariner Releases 17252-16823 19681-17086 No Security Update 3.9.19-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17252-16823 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17653-17084 17667-17084 No Security Update 2.16.1-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17653-17084 17667-17084 CBL-Mariner Releases CBL-Mariner Releases 17654-17084 17545-17084 No Security Update 3.12.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17654-17084 17545-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added tensorflow to Azure Linux 3.0 Added python3 to Azure Linux 3.0 Added python3 to CBL-Mariner 2.0</p> 1.2 2026-02-18T14:47:43 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> Double-free in libpcap before 1.10.5 with remote packet capture support. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Tcpdump Yes CVE-2023-7256 Double Free 20209-17084 20213-17086 20217-17086 17642-17084 17643-17084 20209-17084 20213-17086 20217-17086 17642-17084 17643-17084 Moderate 20209-17084 Moderate 20213-17086 Moderate 20217-17086 Moderate 17642-17084 Moderate 17643-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20209-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20213-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20217-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17642-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17643-17084 CBL-Mariner Releases 20209-17084 17643-17084 No Security Update 1.10.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20209-17084 17643-17084 CBL-Mariner Releases CBL-Mariner Releases 20213-17086 No Security Update 1.10.1-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20213-17086 CBL-Mariner Releases CBL-Mariner Releases 20217-17086 No Security Update 7.93-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20217-17086 CBL-Mariner Releases CBL-Mariner Releases 17642-17084 No Security Update 7.95-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17642-17084 CBL-Mariner Releases 1.0 2024-11-09T00:00:00 <p>Information published.</p> 1.2 2024-11-26T00:00:00 <p>Added nmap to Azure Linux 3.0 Added libpcap to Azure Linux 3.0 Added libpcap to CBL-Mariner 2.0 Added nmap to CBL-Mariner 2.0</p> 1.1 2024-11-20T00:00:00 <p>Added libpcap to CBL-Mariner 2.0 Added nmap to CBL-Mariner 2.0 Added libpcap to Azure Linux 3.0</p> 1.3 2026-02-21T00:48:04 <p>Information published.</p> virtio_net: Fix napi_skb_cache_put warning <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43835 17110-16823 17501-17084 19529-17084 19673-17086 17095-17086 17110-16823 17501-17084 19529-17084 19673-17086 17095-17086 Moderate 17110-16823 Moderate 17501-17084 19529-17084 19673-17086 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19673-17086 CBL-Mariner Releases 1.0 2025-09-03T21:45:01 <p>Information published.</p> 2.0 2026-02-21T01:57:33 <p>Information published.</p> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43839 Out-of-bounds Write 17207-16823 17095-17086 19673-17086 17207-16823 17095-17086 19673-17086 Important 17207-16823 Important 17095-17086 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 CBL-Mariner Releases 17207-16823 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 1.0 2025-09-03T21:49:44 <p>Information published.</p> 2.0 2026-02-21T02:00:19 <p>Information published.</p> soc: qcom: pdr: protect locator_addr with the main mutex <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43849 Improper Locking 17110-16823 19673-17086 17095-17086 17110-16823 19673-17086 17095-17086 Moderate 17110-16823 19673-17086 17095-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T01:22:49 <p>Information published.</p> 1.0 2025-09-03T20:22:56 <p>Information published.</p> fou: remove warn in gue_gro_receive on unsupported protocol <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44940 17110-16823 19673-17086 17095-17086 17110-16823 19673-17086 17095-17086 Important 17110-16823 19673-17086 Important 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17110-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 1.0 2025-09-04T00:03:13 <p>Information published.</p> 2.0 2026-02-18T02:34:12 <p>Information published.</p> f2fs: fix null reference error when checking end of zone <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43857 NULL Pointer Dereference 17501-17084 19529-17084 17501-17084 19529-17084 Moderate 17501-17084 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T20:28:26 <p>Information published.</p> 1.1 2026-02-18T15:09:28 <p>Information published.</p> drm/i915: Fix potential context UAFs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52913 Use After Free 19682-17086 17110-16823 18490-17086 19682-17086 17110-16823 18490-17086 19682-17086 Moderate 17110-16823 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases 1.0 2025-09-04T00:00:32 <p>Information published.</p> 2.0 2026-02-18T02:33:36 <p>Information published.</p> `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-43806 Uncontrolled Resource Consumption 17248-16823 17646-17084 17647-17084 17648-17084 17649-17084 19695-17086 20115-17086 19703-17086 20130-17084 19989-17084 19993-17084 17183-17086 19721-17086 20126-17086 17248-16823 17646-17084 17647-17084 17648-17084 17649-17084 19695-17086 20115-17086 19703-17086 20130-17084 19989-17084 19993-17084 17183-17086 19721-17086 20126-17086 Moderate 17248-16823 Moderate 17646-17084 Moderate 17647-17084 Moderate 17648-17084 Moderate 17649-17084 Moderate 19695-17086 Moderate 20115-17086 Moderate 19703-17086 Moderate 20130-17084 Moderate 19989-17084 Moderate 19993-17084 Moderate 17183-17086 19721-17086 Moderate 20126-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17248-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17646-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17647-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17648-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17649-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19695-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20115-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19703-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20130-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19989-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19993-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17183-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19721-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20126-17086 CBL-Mariner Releases 17248-16823 17183-17086 19721-17086 No Security Update 1.72.0-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17248-16823 17183-17086 19721-17086 CBL-Mariner Releases CBL-Mariner Releases 17646-17084 17647-17084 19989-17084 19993-17084 No Security Update 3.2.0.azl4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17646-17084 17647-17084 19989-17084 19993-17084 CBL-Mariner Releases CBL-Mariner Releases 17648-17084 20130-17084 No Security Update 0.194.5-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17648-17084 20130-17084 CBL-Mariner Releases CBL-Mariner Releases 17649-17084 19703-17086 No Security Update 1.8.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17649-17084 19703-17086 CBL-Mariner Releases CBL-Mariner Releases 20115-17086 No Security Update 32.0-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20115-17086 CBL-Mariner Releases CBL-Mariner Releases 20126-17086 No Security Update 3.2.0.azl2-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20126-17086 CBL-Mariner Releases 2.0 2025-02-11T00:00:00 <p>Information published.</p> 4.0 2025-04-29T00:00:00 <p>Information published.</p> 7.0 2025-08-06T00:00:00 <p>Added kata-containers-cc to CBL-Mariner 2.0 Added cloud-hypervisor to CBL-Mariner 2.0 Added virtiofsd to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added virtiofsd to Azure Linux 3.0 Added flux to Azure Linux 3.0 Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0</p> 8.0 2026-02-18T15:16:51 <p>Information published.</p> 1.0 2024-12-21T00:00:00 <p>Information published.</p> 3.0 2025-03-27T00:00:00 <p>Information published.</p> 5.0 2025-05-06T00:00:00 <p>Information published.</p> 6.0 2025-07-11T00:00:00 <p>Added cloud-hypervisor to CBL-Mariner 2.0 Added virtiofsd to CBL-Mariner 2.0 Added rust to CBL-Mariner 2.0 Added virtiofsd to Azure Linux 3.0 Added flux to Azure Linux 3.0 Added kata-containers to Azure Linux 3.0 Added kata-containers-cc to Azure Linux 3.0</p> HPACK table poisoning in gRPC C++, Python & Ruby <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Google Yes CVE-2024-7246 Expected Behavior Violation 17664-17084 19889-17086 17562-17084 19693-17084 17667-17084 19668-17086 17868-17086 17664-17084 19889-17086 17562-17084 19693-17084 17667-17084 19668-17086 17868-17086 Moderate 17664-17084 19889-17086 17562-17084 19693-17084 17667-17084 19668-17086 Moderate 17868-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17664-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19889-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17562-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19693-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17667-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19668-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17868-17086 CBL-Mariner Releases 17664-17084 17562-17084 No Security Update 1.62.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17664-17084 17562-17084 CBL-Mariner Releases 1.0 2025-09-03T20:07:14 <p>Information published.</p> ECDSA nonce bias caused by truncation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-1544 Observable Discrepancy 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-5814 Improper Access Control 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43901 NULL Pointer Dereference 19683-17084 20412-17084 20725-17084 20860-17084 21094-17084 21093-17086 21308-17084 21332-17084 17087-17086 20553-17084 20613-17084 20788-17084 20823-17084 20925-17086 20956-17084 21248-17084 21344-17084 19683-17084 20412-17084 20725-17084 20860-17084 21094-17084 21093-17086 21308-17084 21332-17084 17087-17086 20553-17084 20613-17084 20788-17084 20823-17084 20925-17086 20956-17084 21248-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21308-17084 Moderate 21332-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20613-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21248-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:38:32 <p>Information published.</p> 6.0 2026-03-03T14:43:16 <p>Information published.</p> 8.0 2026-03-31T14:53:09 <p>Information published.</p> 11.0 2026-05-11T01:39:58 <p>Information published.</p> 1.0 2025-09-03T21:13:11 <p>Information published.</p> 3.0 2026-01-08T14:37:52 <p>Information published.</p> 4.0 2026-01-20T14:37:32 <p>Information published.</p> 5.0 2026-02-18T15:14:17 <p>Information published.</p> 7.0 2026-03-04T14:37:48 <p>Information published.</p> 9.0 2026-04-29T14:41:25 <p>Information published.</p> 10.0 2026-05-06T14:39:25 <p>Information published.</p> 12.0 2026-05-17T14:40:43 <p>Information published.</p> drm/amd/display: Fix null pointer deref in dcn20_resource.c <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43899 NULL Pointer Dereference 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20925-17086 21093-17086 20788-17084 20823-17084 19683-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20925-17086 21093-17086 20788-17084 20823-17084 19683-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 20788-17084 Moderate 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 2.0 2025-12-07T01:38:43 <p>Information published.</p> 3.0 2026-01-08T14:38:02 <p>Information published.</p> 4.0 2026-01-20T14:37:43 <p>Information published.</p> 5.0 2026-02-18T15:14:26 <p>Information published.</p> 6.0 2026-03-03T14:42:59 <p>Information published.</p> 1.0 2025-09-03T21:16:33 <p>Information published.</p> 7.0 2026-03-31T14:55:11 <p>Information published.</p> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42253 Improper Locking 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:49:21 <p>Information published.</p> 3.0 2026-03-31T15:04:09 <p>Information published.</p> 1.0 2025-09-03T21:15:46 <p>Information published.</p> media: xc2028: avoid use-after-free in load_firmware_cb() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43900 Use After Free 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Important 17087-17086 Important 20925-17086 Important 21093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 1.0 2025-09-03T21:35:59 <p>Information published.</p> 2.0 2026-03-03T14:42:42 <p>Information published.</p> 3.0 2026-03-31T14:54:48 <p>Information published.</p> f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44942 19682-17086 18490-17086 19682-17086 18490-17086 19682-17086 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 1.0 2025-09-03T21:45:30 <p>Information published.</p> 2.0 2026-02-18T15:15:51 <p>Information published.</p> drm/admgpu: fix dereferencing null pointer context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43906 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-09-03T21:50:17 <p>Information published.</p> 3.0 2026-03-31T14:56:22 <p>Information published.</p> 2.0 2026-03-03T14:44:23 <p>Information published.</p> nfs: pass explicit offset/count to trace events <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43826 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20860-17084 20956-17084 19683-17084 20823-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20860-17084 20956-17084 19683-17084 20823-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20956-17084 19683-17084 Moderate 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 1.0 2025-09-03T22:17:18 <p>Information published.</p> 2.0 2025-12-07T01:47:05 <p>Information published.</p> 3.0 2026-01-08T14:46:06 <p>Information published.</p> 4.0 2026-01-20T14:41:37 <p>Information published.</p> 6.0 2026-03-04T14:40:44 <p>Information published.</p> 5.0 2026-02-19T01:44:29 <p>Information published.</p> 7.0 2026-03-28T14:36:02 <p>Information published.</p> drm/amd/display: Skip Recompute DSC Params if no Stream on Link <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43895 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-03T22:32:03 <p>Information published.</p> drm/i915/gt: Cleanup partial engine discovery failures <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48893 Incomplete Cleanup 19673-17086 17095-17086 19673-17086 17095-17086 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 1.0 2025-09-03T22:55:01 <p>Information published.</p> 2.0 2026-02-18T02:17:50 <p>Information published.</p> RDMA/hns: Fix soft lockup under heavy CEQE load <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43872 Improper Locking 17087-17086 19683-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 21093-17086 21094-17084 21248-17084 20412-17084 20553-17084 20823-17084 20956-17084 21308-17084 21332-17084 21344-17084 17087-17086 19683-17084 20613-17084 20725-17084 20788-17084 20860-17084 20925-17086 21093-17086 21094-17084 21248-17084 20412-17084 20553-17084 20823-17084 20956-17084 21308-17084 21332-17084 21344-17084 Moderate 17087-17086 19683-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T23:06:13 <p>Information published.</p> 2.0 2025-12-07T01:39:14 <p>Information published.</p> 3.0 2026-01-08T14:38:34 <p>Information published.</p> 4.0 2026-01-20T14:38:12 <p>Information published.</p> 5.0 2026-02-21T00:50:41 <p>Information published.</p> 8.0 2026-03-31T14:57:51 <p>Information published.</p> 10.0 2026-05-06T14:39:51 <p>Information published.</p> 6.0 2026-03-03T14:45:29 <p>Information published.</p> 7.0 2026-03-04T14:38:18 <p>Information published.</p> 9.0 2026-04-29T14:42:09 <p>Information published.</p> 11.0 2026-05-11T01:40:24 <p>Information published.</p> 12.0 2026-05-17T14:41:13 <p>Information published.</p> kvm: s390: Reject memory region operations for ucontrol VMs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43819 NULL Pointer Dereference 20412-17084 20553-17084 20725-17084 20788-17084 20860-17084 20925-17086 21094-17084 21248-17084 21332-17084 17087-17086 19683-17084 20613-17084 20823-17084 20956-17084 21093-17086 21308-17084 21344-17084 20412-17084 20553-17084 20725-17084 20788-17084 20860-17084 20925-17086 21094-17084 21248-17084 21332-17084 17087-17086 19683-17084 20613-17084 20823-17084 20956-17084 21093-17086 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 21332-17084 Moderate 17087-17086 19683-17084 Moderate 20613-17084 Moderate 20823-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21308-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:39:34 <p>Information published.</p> 4.0 2026-01-20T14:38:32 <p>Information published.</p> 7.0 2026-03-04T14:38:33 <p>Information published.</p> 8.0 2026-03-31T14:58:25 <p>Information published.</p> 9.0 2026-04-29T14:42:36 <p>Information published.</p> 1.0 2025-09-03T23:11:22 <p>Information published.</p> 3.0 2026-01-08T14:38:54 <p>Information published.</p> 5.0 2026-02-21T00:51:28 <p>Information published.</p> 6.0 2026-03-03T14:45:45 <p>Information published.</p> 10.0 2026-05-06T14:41:24 <p>Information published.</p> 11.0 2026-05-11T01:40:41 <p>Information published.</p> 12.0 2026-05-17T14:41:34 <p>Information published.</p> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43823 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-09-03T23:21:21 <p>Information published.</p> 2.0 2026-03-03T14:46:03 <p>Information published.</p> 3.0 2026-03-31T14:58:48 <p>Information published.</p> jfs: fix null ptr deref in dtInsertEntry <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44939 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-09-03T23:43:38 <p>Information published.</p> 2.0 2026-03-03T14:51:59 <p>Information published.</p> 3.0 2026-03-31T15:07:37 <p>Information published.</p> jfs: Fix shift-out-of-bounds in dbDiscardAG <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44938 Out-of-bounds Write 19673-17086 17095-17086 19673-17086 17095-17086 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 1.0 2025-09-03T23:54:29 <p>Information published.</p> 2.0 2026-02-18T02:32:50 <p>Information published.</p> drm/amdgpu: Fixed bug on error when unloading amdgpu <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52912 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-03-03T14:52:21 <p>Information published.</p> 3.0 2026-03-31T15:07:58 <p>Information published.</p> 1.0 2025-09-03T23:57:38 <p>Information published.</p> octeontx2-pf: Fix resource leakage in VF driver unbind <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52905 19673-17086 17095-17086 19673-17086 17095-17086 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 2.0 2026-02-18T02:41:39 <p>Information published.</p> 1.0 2025-09-04T00:40:18 <p>Information published.</p> mm/huge_memory: avoid PMD-size page cache if needed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42317 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 19683-17084 20412-17084 20553-17084 21094-17084 21308-17084 21332-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21248-17084 19683-17084 20412-17084 20553-17084 21094-17084 21308-17084 21332-17084 21344-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T01:10:23 <p>Information published.</p> 2.0 2025-12-07T01:38:06 <p>Information published.</p> 4.0 2026-01-20T14:48:08 <p>Information published.</p> 5.0 2026-02-19T01:49:31 <p>Information published.</p> 6.0 2026-03-05T01:42:00 <p>Information published.</p> 7.0 2026-03-31T15:14:47 <p>Information published.</p> 8.0 2026-04-29T14:53:36 <p>Information published.</p> 11.1 2026-05-22T01:43:33 <p>Information published.</p> 3.0 2026-01-08T14:51:05 <p>Information published.</p> 9.0 2026-05-06T14:47:58 <p>Information published.</p> 10.0 2026-05-11T01:46:20 <p>Information published.</p> 11.0 2026-05-17T14:47:23 <p>Information published.</p> mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42319 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-10T14:35:23 <p>Information published.</p> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42321 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T15:02:41 <p>Information published.</p> 3.0 2026-03-31T14:39:49 <p>Information published.</p> 1.0 2025-10-11T01:01:56 <p>Information published.</p> Qemu: denial of service via improper synchronization in qemu nbd server during socket closure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-7409 Improper Synchronization 19662-17086 20035-17084 20602-17086 17093-17086 19662-17086 20035-17084 20602-17086 17093-17086 19662-17086 Important 20035-17084 Important 20602-17086 Important 17093-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19662-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20035-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 20602-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 20035-17084 No Security Update 8.2.0-18 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20035-17084 CBL-Mariner Releases CBL-Mariner Releases 20602-17086 No Security Update 6.2.0-26 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20602-17086 CBL-Mariner Releases 1.0 2025-09-04T04:09:38 <p>Information published.</p> 2.0 2025-11-22T14:35:15 <p>Information published.</p> 2.1 2026-02-18T02:52:23 <p>Information published.</p> A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7520 Access of Resource Using Incompatible Type ('Type Confusion') 18469-17084 18469-17084 Important 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T20:52:42 <p>Information published.</p> 1.1 2026-02-19T01:17:06 <p>Information published.</p> Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7524 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 18469-17084 18469-17084 Moderate 18469-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18469-17084 1.1 2026-02-19T01:13:16 <p>Information published.</p> 1.0 2025-09-03T20:16:03 <p>Information published.</p> ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7526 Use of Uninitialized Resource 18469-17084 18469-17084 Moderate 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 18469-17084 1.0 2025-09-03T20:09:53 <p>Information published.</p> 1.1 2026-02-19T01:12:34 <p>Information published.</p> Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7527 Use After Free 18469-17084 18469-17084 Important 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T20:46:33 <p>Information published.</p> 1.1 2026-02-19T01:16:24 <p>Information published.</p> An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner canonical Yes CVE-2024-5290 Uncontrolled Search Path Element 19363-17084 19907-17086 19363-17084 19907-17086 Important 19363-17084 Important 19907-17086 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19363-17084 8.8 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19907-17086 1.0 2025-09-03T20:14:31 <p>Information published.</p> 1.1 2026-02-19T01:13:05 <p>Information published.</p> net/mlx5: Always drain health in shutdown callback <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43866 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 3.0 2026-03-31T14:37:32 <p>Information published.</p> 1.0 2025-09-03T19:57:38 <p>Information published.</p> 2.0 2026-03-03T14:59:26 <p>Information published.</p> drm/amd/display: Add null check in resource_log_pipe_topology_update <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43886 NULL Pointer Dereference 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21308-17084 21332-17084 19683-17084 20412-17084 20553-17084 20925-17086 20956-17084 21093-17086 21344-17084 17087-17086 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 21094-17084 21248-17084 21308-17084 21332-17084 19683-17084 20412-17084 20553-17084 20925-17086 20956-17084 21093-17086 21344-17084 Moderate 17087-17086 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:39:03 <p>Information published.</p> 4.0 2026-01-20T14:38:03 <p>Information published.</p> 5.0 2026-02-18T15:14:44 <p>Information published.</p> 7.0 2026-03-04T14:38:10 <p>Information published.</p> 8.0 2026-03-31T14:54:22 <p>Information published.</p> 9.0 2026-04-29T14:41:55 <p>Information published.</p> 10.0 2026-05-06T14:39:42 <p>Information published.</p> 1.0 2025-09-03T21:22:48 <p>Information published.</p> 3.0 2026-01-08T14:38:23 <p>Information published.</p> 6.0 2026-03-03T14:44:07 <p>Information published.</p> 11.0 2026-05-11T01:40:16 <p>Information published.</p> 12.0 2026-05-17T14:41:04 <p>Information published.</p> wifi: nl80211: disallow setting special AP channel widths <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43912 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 2.0 2026-03-03T14:47:41 <p>Information published.</p> 3.0 2026-03-31T15:01:02 <p>Information published.</p> 1.0 2025-09-03T20:12:21 <p>Information published.</p> REXML DoS vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41946 Uncontrolled Resource Consumption 17264-16823 17267-16823 17669-17084 17670-17084 19723-17086 19724-17086 17737-17084 17264-16823 17267-16823 17669-17084 17670-17084 19723-17086 19724-17086 17737-17084 Important 17264-16823 Important 17267-16823 Important 17669-17084 Important 17670-17084 Important 19723-17086 Important 19724-17086 Important 17737-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17264-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17267-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17669-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17670-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19723-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19724-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17737-17084 CBL-Mariner Releases 17264-16823 19724-17086 No Security Update 3.2.7-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17264-16823 19724-17086 CBL-Mariner Releases CBL-Mariner Releases 17267-16823 19723-17086 No Security Update 3.1.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17267-16823 19723-17086 CBL-Mariner Releases CBL-Mariner Releases 17669-17084 17737-17084 No Security Update 3.3.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17669-17084 17737-17084 CBL-Mariner Releases CBL-Mariner Releases 17670-17084 No Security Update 3.3.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17670-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added ruby to Azure Linux 3.0 Added rubygem-rexml to Azure Linux 3.0 Added ruby to CBL-Mariner 2.0 Added rubygem-rexml to CBL-Mariner 2.0</p> 1.0 2024-09-24T00:00:00 <p>Information published.</p> 1.2 2026-02-19T01:06:22 <p>Information published.</p> Vim < v9.1.0648 has a double-free in dialog_changed() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41965 Double Free 17265-16823 17666-17084 19763-17086 19769-17084 17265-16823 17666-17084 19763-17086 19769-17084 Moderate 17265-16823 Moderate 17666-17084 Moderate 19763-17086 Moderate 19769-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 17265-16823 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 17666-17084 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19763-17086 4.2 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 19769-17084 CBL-Mariner Releases 17265-16823 19763-17086 No Security Update 9.0.2121-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17265-16823 19763-17086 CBL-Mariner Releases CBL-Mariner Releases 17666-17084 19769-17084 No Security Update 9.0.2190-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17666-17084 19769-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2026-02-19T01:08:51 <p>Information published.</p> s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42235 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:18:06 <p>Information published.</p> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42236 Out-of-bounds Write 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17671-17084 19731-17086 Moderate 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:13:57 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> firmware: cs_dsp: Validate payload length before processing block <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42237 Excessive Iteration 17233-16823 17661-17084 19682-17086 17671-17084 18490-17086 17233-16823 17661-17084 19682-17086 17671-17084 18490-17086 Moderate 17233-16823 Moderate 17661-17084 19682-17086 Moderate 17671-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17233-16823 19682-17086 18490-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-19T01:15:31 <p>Information published.</p> bpf: Fail bpf_timer_cancel when callback is being cancelled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42239 Improper Locking 17661-17084 17671-17084 20925-17086 17087-17086 21093-17086 17661-17084 17671-17084 20925-17086 17087-17086 21093-17086 Moderate 17661-17084 Moderate 17671-17084 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:40:57 <p>Information published.</p> 3.0 2026-03-31T14:50:07 <p>Information published.</p> 1.1 2025-11-19T01:51:55 <p>Information published.</p> 1.2 2026-02-19T01:12:49 <p>Information published.</p> x86/bhi: Avoid warning in #DB handler due to BHI mitigation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42240 Loop with Unreachable Exit Condition ('Infinite Loop') 17207-16823 17661-17084 17671-17084 19673-17086 17095-17086 17207-16823 17661-17084 17671-17084 19673-17086 17095-17086 Moderate 17207-16823 Moderate 17661-17084 Moderate 17671-17084 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:17:22 <p>Information published.</p> mm/shmem: disable PMD-sized page cache if needed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42241 Allocation of Resources Without Limits or Throttling 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:16:16 <p>Information published.</p> USB: serial: mos7840: fix crash on resume <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42244 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17671-17084 19731-17086 Moderate 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:19:00 <p>Information published.</p> net sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42246 Loop with Unreachable Exit Condition ('Infinite Loop') 17207-16823 17661-17084 17095-17086 17671-17084 19673-17086 17207-16823 17661-17084 17095-17086 17671-17084 19673-17086 Moderate 17207-16823 Moderate 17661-17084 Moderate 17095-17086 Moderate 17671-17084 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17207-16823 17095-17086 19673-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-19T01:15:07 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> tty: serial: ma35d1: Add a NULL check for of_node <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42248 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:15:40 <p>Information published.</p> net/mlx5: Fix missing lock on sync reset reload <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42268 Improper Locking 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:25:03 <p>Information published.</p> netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42270 NULL Pointer Dereference 17207-16823 17651-17084 19673-17086 17095-17086 17661-17084 17207-16823 17651-17084 19673-17086 17095-17086 17661-17084 Moderate 17207-16823 Moderate 17651-17084 19673-17086 Moderate 17095-17086 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T14:43:29 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> sched: act_ct: take care of padding in struct zones_ht_key <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42272 Use of Uninitialized Resource 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-21T02:54:22 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> mISDN: Fix a use after free in hfcmulti_tx() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42280 Use After Free 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Important 17207-16823 Important 17250-17086 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T02:16:05 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> tipc: Return non-zero value from tipc_udp_addr2str() on error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42284 Improper Check for Unusual or Exceptional Conditions 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 Important 17207-16823 Important 17651-17084 Important 17661-17084 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:24:37 <p>Information published.</p> scsi: qla2xxx: validate nvme_local_port correctly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42286 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:07:49 <p>Information published.</p> scsi: qla2xxx: Complete command early within lock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42287 NULL Pointer Dereference 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T02:08:53 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> scsi: qla2xxx: Fix for possible memory corruption <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42288 Out-of-bounds Write 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:20:17 <p>Information published.</p> block: fix deadlock between sd_remove & sd_release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42294 Improper Locking 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:24:27 <p>Information published.</p> dev/parport: fix the array out-of-bounds risk <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42301 Improper Validation of Array Index 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 Important 17207-16823 Important 17651-17084 Important 17250-17086 19670-17086 Important 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:03:57 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42308 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T00:52:44 <p>Information published.</p> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42309 NULL Pointer Dereference 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 17207-16823 17651-17084 19670-17086 17661-17084 17250-17086 Moderate 17207-16823 Moderate 17651-17084 19670-17086 Moderate 17661-17084 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:06:56 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42310 NULL Pointer Dereference 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 17207-16823 17651-17084 17661-17084 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17651-17084 Moderate 17661-17084 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:05:04 <p>Information published.</p> media: venus: fix use after free in vdec_close <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42313 Use After Free 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 Important 17207-16823 Important 17651-17084 Important 17250-17086 19670-17086 Important 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:00:26 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> btrfs: fix extent map use-after-free when adding pages to compressed bio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42314 Use After Free 17651-17084 17661-17084 17651-17084 17661-17084 Important 17651-17084 Important 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:08:30 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> exfat: fix potential deadlock on __exfat_get_dentry_set <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42315 Improper Locking 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:08:42 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> WebOb's location header normalization during redirect leads to open redirect <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-42353 URL Redirection to Untrusted Site ('Open Redirect') 17254-16823 17656-17084 20226-17086 20224-17084 17254-16823 17656-17084 20226-17086 20224-17084 Moderate 17254-16823 Moderate 17656-17084 Moderate 20226-17086 Moderate 20224-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17254-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17656-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20226-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20224-17084 CBL-Mariner Releases 17254-16823 17656-17084 20226-17086 20224-17084 No Security Update 1.8.8-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17254-16823 17656-17084 20226-17086 20224-17084 CBL-Mariner Releases 1.2 2026-02-18T14:45:16 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> In the Elliptic package 6.5.6 for Node.js ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-42460 Improper Handling of Length Parameter Inconsistency 17261-16823 19820-17086 17261-16823 19820-17086 Moderate 17261-16823 Moderate 19820-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17261-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19820-17086 CBL-Mariner Releases 17261-16823 19820-17086 No Security Update 3.1.1-11 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17261-16823 19820-17086 CBL-Mariner Releases 1.1 2026-02-19T01:11:37 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> Unbound: heap-buffer-overflow in unbound <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-43168 Heap-based Buffer Overflow 17257-16823 17659-17084 17617-17084 19765-17086 17257-16823 17659-17084 17617-17084 19765-17086 Moderate 17257-16823 Moderate 17659-17084 Moderate 17617-17084 Moderate 19765-17086 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17257-16823 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17659-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17617-17084 4.8 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 19765-17086 CBL-Mariner Releases 17257-16823 17659-17084 17617-17084 19765-17086 No Security Update 1.19.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17257-16823 17659-17084 17617-17084 19765-17086 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:24:05 <p>Information published.</p> DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS) <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-43788 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 17645-17084 19693-17084 17645-17084 19693-17084 Moderate 17645-17084 Moderate 19693-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17645-17084 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H 19693-17084 CBL-Mariner Releases 17645-17084 19693-17084 No Security Update 2.16.2-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17645-17084 19693-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:17:18 <p>Information published.</p> net: missing check virtio <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43817 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T00:55:24 <p>Information published.</p> drm/qxl: Add check for drm_cvt_mode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43829 NULL Pointer Dereference 17207-16823 19673-17086 17095-17086 17207-16823 19673-17086 17095-17086 Moderate 17207-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.1 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T02:58:25 <p>Information published.</p> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43837 NULL Pointer Dereference 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:08:19 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> block: initialize integrity buffer to zero before writing it to media <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43854 Missing Release of Memory after Effective Lifetime 17207-16823 17651-17084 19670-17086 17250-17086 17661-17084 17207-16823 17651-17084 19670-17086 17250-17086 17661-17084 Moderate 17207-16823 Moderate 17651-17084 19670-17086 Moderate 17250-17086 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T15:02:55 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> dma: fix call order in dmam_free_coherent <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43856 Allocation of Resources Without Limits or Throttling 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 17207-16823 17651-17084 17250-17086 19670-17086 17661-17084 Moderate 17207-16823 Moderate 17651-17084 Moderate 17250-17086 19670-17086 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 2.0 2026-02-18T14:57:42 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> f2fs: fix to truncate preallocated blocks in f2fs_file_open() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43859 NULL Pointer Dereference 17651-17084 17661-17084 17651-17084 17661-17084 Moderate 17651-17084 Moderate 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.1 2026-02-18T15:09:05 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> net: usb: qmi_wwan: fix memory leak for not ip packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43861 Missing Release of Memory after Effective Lifetime 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:02:04 <p>Information published.</p> drm/vmwgfx: Fix a deadlock in dma buf fence polling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43863 Improper Locking 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:03:15 <p>Information published.</p> devres: Fix memory leakage caused by driver API devm_free_percpu() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43871 Missing Release of Memory after Effective Lifetime 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T00:48:52 <p>Information published.</p> exec: Fix ToCToU between perm check and set-uid/gid usage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43882 Time-of-check Time-of-use (TOCTOU) Race Condition 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Important 17207-16823 19670-17086 Important 17250-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-21T00:57:15 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> padata: Fix possible divide-by-0 panic in padata_mt_helper() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43889 Divide By Zero 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:16:18 <p>Information published.</p> tracing: Have format file honor EVENT_FILE_FL_FREED <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43891 Use After Free 17631-17084 17651-17084 17631-17084 17651-17084 Moderate 17631-17084 Moderate 17651-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 CBL-Mariner Releases 17631-17084 17651-17084 No Security Update 6.6.51.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17631-17084 17651-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:27:20 <p>Information published.</p> serial: core: check uartclk for zero to avoid divide by zero <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43893 Divide By Zero 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T02:15:15 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> net: drop bad gso csum_start and offset in virtio_net_hdr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43897 17207-16823 19673-17086 17095-17086 17207-16823 19673-17086 17095-17086 Moderate 17207-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases 1.1 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-18T01:26:41 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43905 NULL Pointer Dereference 17207-16823 18490-17086 19682-17086 17207-16823 18490-17086 19682-17086 Moderate 17207-16823 Moderate 18490-17086 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 CBL-Mariner Releases 17207-16823 18490-17086 19682-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 18490-17086 19682-17086 CBL-Mariner Releases 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:15:21 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> 1.1 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> drm/amdgpu: Fix the null pointer dereference to ras_manager <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43908 NULL Pointer Dereference 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17207-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T15:16:04 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> drm/amdgpu/pm: Fix the null pointer dereference for smu7 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43909 NULL Pointer Dereference 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:15:43 <p>Information published.</p> An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-44070 17251-16823 17655-17084 20236-17086 17251-16823 17655-17084 20236-17086 Important 17251-16823 Important 17655-17084 Important 20236-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17251-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17655-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20236-17086 CBL-Mariner Releases 17251-16823 20236-17086 No Security Update 8.5.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17251-16823 20236-17086 CBL-Mariner Releases CBL-Mariner Releases 17655-17084 No Security Update 9.1.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17655-17084 CBL-Mariner Releases 1.1 2024-12-03T00:00:00 <p>Added frr to CBL-Mariner 2.0 Added frr to Azure Linux 3.0</p> 1.2 2026-02-18T14:48:35 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> net: bridge: mcast: wait for previous gc cycles when removing port <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44934 Use After Free 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Important 17207-16823 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 2.0 2026-02-18T15:16:12 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> netfilter: ctnetlink: use helper function to calculate expect ID <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44944 Missing Release of Memory after Effective Lifetime 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Moderate 17207-16823 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-21T00:49:41 <p>Information published.</p> An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-45491 Integer Overflow or Wraparound 17243-16823 17641-17084 17098-17086 17399-17086 17464-17084 17545-17084 17783-17084 19681-17086 19756-17086 20147-17086 17243-16823 17641-17084 17098-17086 17399-17086 17464-17084 17545-17084 17783-17084 19681-17086 19756-17086 20147-17086 Critical 17243-16823 Critical 17641-17084 Critical 17098-17086 Important 17399-17086 Critical 17464-17084 Critical 17545-17084 Important 17783-17084 Critical 19681-17086 19756-17086 20147-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17243-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17641-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17098-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17399-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17464-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17545-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17783-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19681-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19756-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20147-17086 CBL-Mariner Releases 17243-16823 17641-17084 17399-17086 17783-17084 20147-17086 No Security Update 2.6.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17243-16823 17641-17084 17399-17086 17783-17084 20147-17086 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:18:26 <p>Information published.</p> 1.0 2024-09-13T00:00:00 <p>Information published.</p> 1.2 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-45492 Integer Overflow or Wraparound 17243-16823 17641-17084 17783-17084 19756-17086 17098-17086 17399-17086 17545-17084 17464-17084 19681-17086 20147-17086 17243-16823 17641-17084 17783-17084 19756-17086 17098-17086 17399-17086 17545-17084 17464-17084 19681-17086 20147-17086 Critical 17243-16823 Critical 17641-17084 Important 17783-17084 19756-17086 Critical 17098-17086 Important 17399-17086 Critical 17545-17084 Critical 17464-17084 Critical 19681-17086 20147-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17243-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17641-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17783-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19756-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17098-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17399-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17545-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17464-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19681-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20147-17086 CBL-Mariner Releases 17243-16823 17641-17084 17783-17084 17399-17086 20147-17086 No Security Update 2.6.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17243-16823 17641-17084 17783-17084 17399-17086 20147-17086 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 1.2 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added expat to Azure Linux 3.0 Added expat to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:18:02 <p>Information published.</p> 1.0 2024-09-13T00:00:00 <p>Information published.</p> Buffer overread in domain name matching <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-5991 Out-of-bounds Read 17246-16823 17644-17084 17246-16823 17644-17084 Critical 17246-16823 Critical 17644-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17246-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17644-17084 CBL-Mariner Releases 17246-16823 No Security Update 10.6.9-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17246-16823 CBL-Mariner Releases CBL-Mariner Releases 17644-17084 No Security Update 10.6.9-6 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17644-17084 CBL-Mariner Releases 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Email header injection due to unquoted newlines <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2024-6923 Improper Control of Generation of Code ('Code Injection') 17266-16823 17667-17084 17668-17084 17545-17084 19681-17086 17266-16823 17667-17084 17668-17084 17545-17084 19681-17086 Moderate 17266-16823 Moderate 17667-17084 Moderate 17668-17084 Moderate 17545-17084 Moderate 19681-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17266-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17667-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17668-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 17545-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 19681-17086 CBL-Mariner Releases 17266-16823 19681-17086 No Security Update 3.9.19-8 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17266-16823 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17667-17084 No Security Update 2.16.1-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17667-17084 CBL-Mariner Releases CBL-Mariner Releases 17668-17084 17545-17084 No Security Update 3.12.3-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17668-17084 17545-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.4 2026-02-19T01:07:57 <p>Information published.</p> 1.1 2024-12-21T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0</p> 1.2 2025-02-20T00:00:00 <p>Added python3 to Azure Linux 3.0 Added python3 to CBL-Mariner 2.0</p> 1.3 2025-02-21T00:00:00 <p>Added tensorflow to Azure Linux 3.0 Added python3 to Azure Linux 3.0 Added python3 to CBL-Mariner 2.0</p> NGINX MP4 module vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner f5 Yes CVE-2024-7347 Out-of-bounds Read 17256-16823 17658-17084 20144-17086 19860-17084 17256-16823 17658-17084 20144-17086 19860-17084 Moderate 17256-16823 Moderate 17658-17084 Moderate 20144-17086 Moderate 19860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 17256-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H 17658-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20144-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19860-17084 CBL-Mariner Releases 17256-16823 20144-17086 No Security Update 1.22.1-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17256-16823 20144-17086 CBL-Mariner Releases CBL-Mariner Releases 17658-17084 19860-17084 No Security Update 1.25.4-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17658-17084 19860-17084 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added nginx to Azure Linux 3.0 Added nginx to CBL-Mariner 2.0</p> 1.2 2024-12-03T00:00:00 <p>Added nginx to CBL-Mariner 2.0 Added nginx to Azure Linux 3.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2026-02-19T01:24:15 <p>Information published.</p> PostgreSQL relation replacement during pg_dump executes arbitrary SQL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PostgreSQL Yes CVE-2024-7348 Time-of-check Time-of-use (TOCTOU) Race Condition 17259-16823 17663-17084 17740-17084 20053-17086 17259-16823 17663-17084 17740-17084 20053-17086 Important 17259-16823 Important 17663-17084 Important 17740-17084 Important 20053-17086 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17259-16823 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17663-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17740-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 20053-17086 CBL-Mariner Releases 17259-16823 20053-17086 No Security Update 14.13-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17259-16823 20053-17086 CBL-Mariner Releases CBL-Mariner Releases 17663-17084 17740-17084 No Security Update 16.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17663-17084 17740-17084 CBL-Mariner Releases 1.2 2026-02-19T01:19:45 <p>Information published.</p> 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Tcpdump Yes CVE-2024-8006 NULL Pointer Dereference 17245-16823 17642-17084 17643-17084 20209-17084 20217-17086 20213-17086 17245-16823 17642-17084 17643-17084 20209-17084 20217-17086 20213-17086 Moderate 17245-16823 Moderate 17642-17084 Moderate 17643-17084 Moderate 20209-17084 Moderate 20217-17086 Moderate 20213-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17245-16823 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17642-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17643-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20209-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20217-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20213-17086 CBL-Mariner Releases 17245-16823 20213-17086 No Security Update 1.10.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17245-16823 20213-17086 CBL-Mariner Releases CBL-Mariner Releases 17642-17084 No Security Update 7.95-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17642-17084 CBL-Mariner Releases CBL-Mariner Releases 17643-17084 20209-17084 No Security Update 1.10.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17643-17084 20209-17084 CBL-Mariner Releases CBL-Mariner Releases 20217-17086 No Security Update 7.93-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20217-17086 CBL-Mariner Releases 1.0 2024-11-01T00:00:00 <p>Information published.</p> 1.1 2024-11-09T00:00:00 <p>Added libpcap to Azure Linux 3.0 Added libpcap to CBL-Mariner 2.0</p> 1.2 2024-11-20T00:00:00 <p>Added nmap to CBL-Mariner 2.0 Added libpcap to CBL-Mariner 2.0 Added libpcap to Azure Linux 3.0</p> 1.3 2024-11-26T00:00:00 <p>Added nmap to Azure Linux 3.0 Added libpcap to Azure Linux 3.0 Added nmap to CBL-Mariner 2.0 Added libpcap to CBL-Mariner 2.0</p> 1.4 2026-02-21T00:46:02 <p>Information published.</p> Infinite loop when iterating over zip archive entry names from zipfile.Path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner PSF Yes CVE-2024-8088 Loop with Unreachable Exit Condition ('Infinite Loop') 17242-16823 17541-17084 17637-17084 19681-17086 17545-17084 17667-17084 17242-16823 17541-17084 17637-17084 19681-17086 17545-17084 17667-17084 Important 17242-16823 Important 17541-17084 Important 17637-17084 19681-17086 17545-17084 17667-17084 CBL-Mariner Releases 17242-16823 19681-17086 No Security Update 3.9.19-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17242-16823 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17541-17084 17667-17084 No Security Update 2.16.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17541-17084 17667-17084 CBL-Mariner Releases CBL-Mariner Releases 17637-17084 17545-17084 No Security Update 3.12.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17637-17084 17545-17084 CBL-Mariner Releases 1.0 2024-09-26T00:00:00 <p>Information published.</p> 1.1 2024-10-15T00:00:00 <p>Added python3 to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added python3 to CBL-Mariner 2.0</p> 1.2 2024-12-03T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0</p> Apache Portable Runtime (APR): Unexpected lax shared memory permissions <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2023-49582 Incorrect Permission Assignment for Critical Resource 20064-17084 20069-17086 18089-16823 18090-17084 20064-17084 20069-17086 18089-16823 18090-17084 Moderate 20064-17084 Moderate 20069-17086 Moderate 18089-16823 Moderate 18090-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20064-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20069-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18089-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 18090-17084 CBL-Mariner Releases 20064-17084 20069-17086 18089-16823 18090-17084 No Security Update 1.7.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20064-17084 20069-17086 18089-16823 18090-17084 CBL-Mariner Releases 1.0 2024-11-01T00:00:00 <p>Information published.</p> 1.1 2024-11-09T00:00:00 <p>Added apr to Azure Linux 3.0 Added apr to CBL-Mariner 2.0</p> 1.2 2026-02-18T15:14:53 <p>Information published.</p> apparmor: Fix null pointer deref when receiving skb during sock creation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52889 NULL Pointer Dereference 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 17207-16823 17651-17084 17661-17084 19670-17086 17250-17086 Moderate 17207-16823 Moderate 17651-17084 Moderate 17661-17084 19670-17086 Moderate 17250-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19670-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17661-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17661-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:24:57 <p>Information published.</p> xdp: fix invalid wait context of page_pool_destroy() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43834 17110-16823 17095-17086 19673-17086 17110-16823 17095-17086 19673-17086 Moderate 17110-16823 17095-17086 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 1.0 2025-09-03T21:47:49 <p>Information published.</p> 2.0 2026-02-21T01:59:33 <p>Information published.</p> wifi: virt_wifi: avoid reporting connection success with wrong SSID <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43841 17110-16823 18490-17086 19682-17086 17110-16823 18490-17086 19682-17086 Low 17110-16823 18490-17086 19682-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 17110-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 18490-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 19682-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases 2.0 2026-02-18T03:02:17 <p>Information published.</p> 1.0 2025-09-03T20:55:30 <p>Information published.</p> lib: objagg: Fix general protection fault <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43846 17110-16823 19673-17086 17095-17086 17110-16823 19673-17086 17095-17086 Moderate 17110-16823 19673-17086 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T02:04:54 <p>Information published.</p> 1.0 2025-09-03T22:18:52 <p>Information published.</p> gpio: prevent potential speculation leaks in gpio_device_get_desc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-44931 17110-16823 19673-17086 17095-17086 17110-16823 19673-17086 17095-17086 Moderate 17110-16823 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17110-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17095-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T01:19:37 <p>Information published.</p> 1.0 2025-09-03T20:05:56 <p>Information published.</p> closures: Change BUG_ON() to WARN_ON() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42252 Reachable Assertion 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 Moderate 17501-17084 Moderate 19529-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T20:29:32 <p>Information published.</p> 1.1 2026-02-18T01:30:58 <p>Information published.</p> 3.0 2026-03-31T15:02:55 <p>Information published.</p> 2.0 2026-03-03T14:48:31 <p>Information published.</p> nvme: apple: fix device reference counting <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43913 Missing Release of Memory after Effective Lifetime 17501-17084 20925-17086 21093-17086 17087-17086 19529-17084 17501-17084 20925-17086 21093-17086 17087-17086 19529-17084 Moderate 17501-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T20:04:49 <p>Information published.</p> 1.1 2026-02-18T01:19:03 <p>Information published.</p> 2.0 2026-03-03T14:47:21 <p>Information published.</p> 3.0 2026-03-31T15:00:38 <p>Information published.</p> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43904 NULL Pointer Dereference 17501-17084 19529-17084 19673-17086 17095-17086 17501-17084 19529-17084 19673-17086 17095-17086 Moderate 17501-17084 Moderate 19529-17084 19673-17086 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 19673-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 19673-17086 CBL-Mariner Releases 2.0 2026-02-18T15:14:08 <p>Information published.</p> 1.0 2025-09-03T21:10:24 <p>Information published.</p> wifi: mac80211: fix NULL dereference at band check in starting tx ba session <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43911 NULL Pointer Dereference 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 Moderate 17501-17084 Moderate 19529-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.1 2026-02-18T15:13:54 <p>Information published.</p> 2.0 2026-03-03T14:43:50 <p>Information published.</p> 3.0 2026-03-31T14:55:58 <p>Information published.</p> 1.0 2025-09-03T21:07:52 <p>Information published.</p> REXML denial of service vulnerability <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-43398 Improper Restriction of Recursive Entity References in DTDs (&#39;XML Entity Expansion&#39;) 17596-17084 17652-17084 19723-17086 19999-17086 17669-17084 17670-17084 17596-17084 17652-17084 19723-17086 19999-17086 17669-17084 17670-17084 Moderate 17596-17084 Moderate 17652-17084 Moderate 19723-17086 Moderate 19999-17086 Moderate 17669-17084 Moderate 17670-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17596-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17652-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19723-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 19999-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17669-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 17670-17084 CBL-Mariner Releases 17596-17084 17670-17084 No Security Update 3.3.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17596-17084 17670-17084 CBL-Mariner Releases CBL-Mariner Releases 17652-17084 17669-17084 No Security Update 3.3.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17652-17084 17669-17084 CBL-Mariner Releases CBL-Mariner Releases 19723-17086 No Security Update 3.1.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19723-17086 CBL-Mariner Releases CBL-Mariner Releases 19999-17086 No Security Update 3.2.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19999-17086 CBL-Mariner Releases 1.0 2024-12-19T00:00:00 <p>Information published.</p> 2.0 2025-05-30T00:00:00 <p>Added rubygem-rexml to Azure Linux 3.0 Added ruby to Azure Linux 3.0</p> 3.0 2025-07-11T00:00:00 <p>Added ruby to CBL-Mariner 2.0 Added rubygem-rexml to CBL-Mariner 2.0 Added rubygem-rexml to Azure Linux 3.0 Added ruby to Azure Linux 3.0</p> 3.1 2026-02-18T15:12:23 <p>Information published.</p> AES T-Table sub-cache-line leakage <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-1543 Observable Timing Discrepancy 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Fault Injection of RSA encryption in WolfCrypt <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-1545 Improper Restriction of Software Interfaces to Hardware Features 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Safe-error attack on TLS 1.3 Protocol <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner wolfSSL Yes CVE-2024-5288 Insecure Storage of Sensitive Information 1.0 2024-12-07T00:00:00 <p>Information published.</p> 1.1 2024-12-12T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> 1.2 2025-03-01T00:00:00 <p>Added mariadb to CBL-Mariner 2.0 Added mariadb to Azure Linux 3.0</p> Expired Pointer Dereference in Wireshark <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitLab Yes CVE-2024-8250 Expired Pointer Dereference 19523-17084 19523-17084 Moderate 19523-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19523-17084 CBL-Mariner Releases 19523-17084 No Security Update 4.4.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19523-17084 CBL-Mariner Releases 1.0 2025-07-11T00:00:00 <p>Information published.</p> Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-42040 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 19662-17086 17459-17084 17093-17086 19662-17086 17459-17084 17093-17086 19662-17086 Important 17459-17084 Important 17093-17086 8.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 19662-17086 8.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17459-17084 8.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 17093-17086 2.0 2026-02-18T03:01:55 <p>Information published.</p> 1.0 2025-09-04T05:46:46 <p>Information published.</p> f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42273 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-04T01:01:17 <p>Information published.</p> media: mediatek: vcodec: Handle invalid decoder vsi <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43831 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-12T01:01:21 <p>Information published.</p> s390/uv: Don't call folio_wait_writeback() without a folio reference <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43832 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-12T01:01:27 <p>Information published.</p> Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7519 Out-of-bounds Write 18469-17084 18469-17084 Critical 18469-17084 9.6 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T20:25:42 <p>Information published.</p> 1.1 2026-02-19T01:14:18 <p>Information published.</p> Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7521 Improper Handling of Exceptional Conditions 18469-17084 18469-17084 Important 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.1 2026-02-19T01:18:35 <p>Information published.</p> 1.0 2025-09-03T21:07:11 <p>Information published.</p> Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7522 Out-of-bounds Read 18469-17084 18469-17084 Important 18469-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 18469-17084 1.1 2026-02-19T01:14:08 <p>Information published.</p> 1.0 2025-09-03T20:23:08 <p>Information published.</p> It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-7525 Incorrect Default Permissions 18469-17084 18469-17084 Important 18469-17084 9.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 18469-17084 1.0 2025-09-03T20:19:11 <p>Information published.</p> 1.1 2026-02-19T01:13:38 <p>Information published.</p> PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43824 NULL Pointer Dereference 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 21308-17084 19684-17084 20788-17084 20925-17086 21248-17084 21332-17084 21344-17084 17087-17086 20412-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 21308-17084 19684-17084 20788-17084 20925-17086 21248-17084 21332-17084 21344-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 21308-17084 19684-17084 Moderate 20788-17084 Moderate 20925-17086 Moderate 21248-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19684-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T19:28:06 <p>Information published.</p> 2.0 2025-12-07T01:39:24 <p>Information published.</p> 3.0 2026-01-08T14:38:44 <p>Information published.</p> 4.0 2026-01-20T14:38:23 <p>Information published.</p> 5.0 2026-02-20T23:19:33 <p>Information published.</p> 6.0 2026-03-03T14:46:24 <p>Information published.</p> 8.0 2026-03-31T14:59:23 <p>Information published.</p> 9.0 2026-04-29T14:42:22 <p>Information published.</p> 7.0 2026-03-04T14:38:27 <p>Information published.</p> 10.0 2026-05-06T14:40:45 <p>Information published.</p> 11.0 2026-05-11T01:40:33 <p>Information published.</p> 12.0 2026-05-17T14:41:23 <p>Information published.</p> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-43840 19529-17084 19529-17084 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T21:00:16 <p>Information published.</p> drm/vmwgfx: Remove rcu locks from user resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48887 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-03T21:09:47 <p>Information published.</p> 2.0 2026-03-03T14:48:14 <p>Information published.</p> 3.0 2026-03-31T15:02:31 <p>Information published.</p> Chromium: CVE-2024-7967 Heap buffer overflow in Fonts <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7967 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7969 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7969 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7966 Out of bounds memory access in Skia <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7966 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7971 Type confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p>Google is aware that an exploit for CVE-2024-7971 exists in the wild.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7971 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7965 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7965 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7968 Use after free in Autofill <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7968 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7964 Use after free in Passwords <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7964 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7980 Insufficient data validation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7980 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-8034 Inappropriate implementation in Custom Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-8034 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-8033 Inappropriate implementation in WebApp Installs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-8033 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7981 Inappropriate implementation in Views <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7981 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-8035 Inappropriate implementation in Extensions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-8035 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Redhat: CVE-2022-2601 grub2 - Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass https://nvd.nist.gov/vuln/detail/CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> <p><strong>Why is this Redhat CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in the Linux GRUB2 boot loader, a boot loader designed to support Secure Boot on systems that are running Linux. It is being documented in the Security Update Guide to announce that the latest builds of Windows are no longer vulnerable to this security feature bypass using the Linux GRUB2 boot loader. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p><strong>Will this update affect my ability to boot Linux after applying this update?</strong></p> <p>To address this security issue, Windows will apply a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security. The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems. You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.</p> <p><strong>Update, September 19, 2024</strong>: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt:</p> <p><code>reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f”</code></p> <p><strong>Update, May 16, 2024</strong>: The security updates released on May 13, 2025 apply improvements to SBAT for the detection of Linux systems, and address the known issue with dual booting for Windows and Linux.</p> Windows Secure Boot Red Hat, Inc. Yes CVE-2022-2601 Stack-based Buffer Overflow 12357 12356 12138 12137 12140 12139 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12389 12390 12357 12356 12138 12137 12140 12139 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12389 Security Feature Bypass 12390 12357 12356 12138 12137 12140 12139 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12357 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12356 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12138 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12137 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12140 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12139 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11568 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11569 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11571 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11572 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11923 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11924 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11926 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11927 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11929 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11930 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 11931 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12085 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12086 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12097 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12098 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12099 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12242 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12243 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12244 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10729 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10735 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10852 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10853 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10816 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10855 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10378 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10379 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10483 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 10543 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12389 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12390 grub2 12357 grub2-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-rpm-macros-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-configuration-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-tools-minimal-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-14 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12357 grub2 grub2 12356 grub2-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-rpm-macros-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-configuration-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-tools-minimal-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-14 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12356 grub2 grub2 12138 grub2-2.06~rc1-9.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06~rc1-9.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06~rc1-9.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06~rc1-9.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06~rc1-9 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12138 grub2 grub2 12137 grub2-2.06~rc1-9.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06~rc1-9.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06~rc1-9.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06~rc1-9.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06~rc1-9.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06~rc1-9 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12137 grub2 grub2 12140 grub2-2.06-8.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-8.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-8.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-8.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-8.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-8 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12140 grub2 grub2 12139 grub2-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-8.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-8 https://nvd.nist.gov/vuln/detail/CVE-2022-2601 12139 grub2 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 12390 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 12390 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 12390 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 5055523 5055523 https://support.microsoft.com/help/5055523 12389 Zhang Boyang 2.0 2024-09-19T07:00:00 <p>Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt:</p> <p><code>reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f”</code></p> 3.0 2025-05-16T07:00:00 <p>In the Security Updates table, updated Download and Article links for all supported versions of Windows to the security updates released on May 13, 2025. These updates apply improvements to SBAT for the detection of Linux systems, and address the known issue with dual booting for Windows and Linux.</p> <p>Customers who experienced issues with dual booting Windows and Linux should install the May 13, 2025 security updates. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure Stack Hub Spoofing Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>A cross-site scripting vulnerability existed in virtual public IP address that impacted related endpoints. For more information on the impacted virtual public IP address, see here: <a href="https://learn.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16">What is IP address 168.63.129.16? | Microsoft Learn</a>. An unauthenticated attacker could exploit this vulnerability by getting the victim to load malicious code into their web browser on the virtual machine, allowing the attacker to leverage an implicit identity of the virtual machine. The victim's web browser then would determine which host endpoints are accessible.</p> <p><strong>According to CVSS metrics the user interaction is required (UI:R). What interaction would a user have to do?</strong></p> <p>A user (victim) logged on to a virtual machine would need to be tricked for the virtual machine to explicitly download and execute a malicious code in their web browser.</p> <p><strong>According to the CVSS metric, the successful exploitation of this vulnerability could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>By sending a specially crafted request to the vulnerable virtual public IP address, the attacker is able to load malicious code into a victim's browser without having any direct access or connection.</p> Azure Stack Microsoft Yes CVE-2024-38108 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11950 Spoofing 11950 Important 11950 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.3 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C 11950 Release Notes https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-apply-updates?view=azs-2311 11950 Maybe Security Update 1.2311.1.22 https://learn.microsoft.com/en-us/azure-stack/operator/release-notes?view=azs-2311 11950 Release Notes Felix Boulet with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberd&#233;fense (CGCD)</a> Mathieu Fiore Laroche with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberd&#233;fense (CGCD)</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Bluetooth Driver Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Bluetooth Driver Microsoft Yes CVE-2024-38123 Out-of-bounds Read 12389 12390 Information Disclosure 12389 Information Disclosure 12390 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.4 3.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Network Virtualization Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.</p> <p>Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by taking advantage of the unchecked return value in the wnv.sys component of Windows Server 2016. By manipulating the content of the Memory Descriptor List (MDL), the attacker could cause unauthorized memory writes or even free a valid block currently in use, leading to a critical guest-to-host escape.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p> Windows Network Virtualization Microsoft Yes CVE-2024-38159 Use After Free 10852 10853 10816 10855 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Ensuring that the virtual machine (VM) is running on the VMware hypervisor exclusively, as it needs to be capable of nested virtualization.</li> <li>Disabling Hyper-V and its dependent features (VBS and its components) on the host where the VM will run is also crucial.</li> <li>Renaming the hypervisor binary (C:\Windows\System32\hvix64.exe) to prevent it from loading at boot time can also help mitigate the issue.</li> </ul> Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Network Virtualization Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to the attacker gaining the ability to interact with other tenant’s applications and content.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.</p> <p>Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by taking advantage of the unchecked return value in the wnv.sys component of Windows Server 2016. By manipulating the content of the Memory Descriptor List (MDL), the attacker could cause unauthorized memory writes or even free a valid block currently in use, leading to a critical guest-to-host escape.</p> Windows Network Virtualization Microsoft Yes CVE-2024-38160 Heap-based Buffer Overflow 10852 10853 10816 10855 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Ensuring that the virtual machine (VM) is running on the VMware hypervisor exclusively, as it needs to be capable of nested virtualization.</li> <li>Disabling Hyper-V and its dependent features (VBS and its components) on the host where the VM will run is also crucial.</li> <li>Renaming the hypervisor binary (C:\Windows\System32\hvix64.exe) to prevent it from loading at boot time can also help mitigate the issue.</li> </ul> Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Mobile Broadband Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine.</p> Windows Mobile Broadband Microsoft Yes CVE-2024-38161 Heap-based Buffer Overflow 11568 11569 11571 11572 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Important 11568 Important 11569 Important 11571 Important 11572 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 Wen with <a href="https://www.cyberkl.com/">CyberKunLun</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> .NET and Visual Studio Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could read targeted email messages.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a user trigger the payload in the application.</p> .NET and Visual Studio Microsoft Yes CVE-2024-38167 Cleartext Transmission of Sensitive Information 12322 12271 12260 12187 Information Disclosure 12322 Information Disclosure 12271 Information Disclosure 12260 Information Disclosure 12187 Important 12322 Important 12271 Important 12260 Important 12187 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12322 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12271 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12260 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12187 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 5042132 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.8 https://support.microsoft.com/help/5042132 12260 5042132 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.18 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Alex Appleton, D. E. Shaw & Co., L.P. <a href="https://www.linkedin.com/in/rokonec/">Roman Konecny</a>, Microsoft 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.2 2024-10-11T07:00:00 <p>Added an acknowledgement. This is an informational change only.</p> 1.1 2024-09-27T07:00:00 <p>Acknowledgement added. This is an informational change only.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2024-38168 Uncontrolled Resource Consumption 12260 12187 12322 12271 Denial of Service 12260 Denial of Service 12187 Denial of Service 12322 Denial of Service 12271 Important 12260 Important 12187 Important 12322 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12260 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12322 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 5042132 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.8 https://support.microsoft.com/help/5042132 12260 5042132 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.18 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.6 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.13 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Brennan Conroy of Microsoft Corporation 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2024-38172 Heap-based Buffer Overflow 11762 11763 11951 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.88.24081116 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes an0nym0us 1.0 2024-08-13T07:00:00 <p>Information published.</p> Scripting Engine Memory Corruption Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Scripting Microsoft Yes CVE-2024-38178 Access of Resource Using Incompatible Type ('Type Confusion') 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10483 Remote Code Execution 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041770 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041770 5040426 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5041770 10483 10543 5041770 <a href="https://www.ahnlab.com/">AhnLab</a> and <a href="https://www.ncsc.go.kr/">National Cyber Security Center(NCSC), Republic of Korea</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.1 2024-08-22T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level or a High Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38184 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://talosintelligence.com/">Philippe Laulheret</a> with <a href="https://www.cisco.com/">Cisco Talos</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Kernel Streaming Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38191 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2024-38193 Use After Free 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10051 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10049 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Luigino Camastra and Milánek with Gen Digital 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Common Log File System Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Common Log File System Driver Microsoft Yes CVE-2024-38196 Improper Input Validation 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 luckyu with MatrixCup <a href="https://twitter.com/securiteam_ssd">Anonymous</a> with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Teams for iOS Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and integrity (I:L) but does not impact availability (A:N)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the sender's name of Teams message (I:L) and through social engineering, attempt to trick the recipient into disclosing information (C:L). The availability of the product cannot be affected (A:N).</p> <p><strong>How do I get the update for Microsoft Teams for iOS?</strong></p> <ol> <li>Tap the <strong>Settings</strong> icon</li> <li>Tap the** iTunes &amp; App Store**</li> <li>Turn on AUTOMATIC DOWNLOADS for Apps</li> </ol> <p><strong>Alternatively</strong></p> <ol> <li>Tap the** App Store** icon</li> <li>Scroll down to find Microsoft Teams</li> <li>Tap the <strong>Update</strong> button</li> </ol> <p><strong>How do I get the update for Teams for Android?</strong></p> <ol> <li>Tap the <strong>Play Store</strong> icon on your home screen.</li> <li>Tap the circular account icon at the top right of the screen.</li> <li>Tap <strong>Manage apps &amp; devices</strong>.</li> <li>Tap <strong>Updates available</strong>.</li> <li>Tap the <strong>Update</strong> button next to the Microsoft Teams app.</li> </ol> <p><strong>Is there a direct link on the web?</strong></p> <p>Yes: <a href="https://play.google.com/store/apps/details?id=com.microsoft.teams">https://play.google.com/store/apps/details?id=com.microsoft.teams</a></p> Microsoft Teams Microsoft Yes CVE-2024-38197 User Interface (UI) Misrepresentation of Critical Information 11858 Spoofing 11858 Important 11858 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C 11858 Release Notes https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Maybe Security Update 7.13.0 https://apps.apple.com/us/app/microsoft-teams/id1113153706 11858 Release Notes <a href="https://www.linkedin.com/in/charikovandrey/">Andrey Charikov</a> with <a href="https://www.checkpoint.com/">Check Point Software Technologies</a> <a href="https://www.linkedin.com/in/oded-vanunu-a131283/">Oded Vanunu</a> with <a href="https://www.checkpoint.com/">Check Point Software Technologies</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Print Spooler Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Print Spooler Components Microsoft Yes CVE-2024-38198 Insufficient Verification of Data Authenticity 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 nsfocus tianji lab with Matrix Cup 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Line Printer Daemon Service (LPD) Microsoft Yes CVE-2024-38199 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</strong></p> <ul> <li>Users are advised against installing or enabling the Line Printer Daemon (LPD) service.</li> <li>The LPD is not installed or enabled on the systems by default.</li> <li>The LPD has been announced as deprecated since Windows Server 2012. Please refer to: <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831568(v=ws.11)#printing">Features Removed or Deprecated in Windows Server 2012</a>.</li> </ul> Anonymous bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.1 2024-12-02T08:00:00 <p>Added acknowledgements. This is an informational change only.</p> Azure Stack Hub Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H) and user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>An attacker would need to trick the user to transfer a malicious JSON file and hope that user does not open and review it. If the user opens it, the user will see an invalid URL and not import it for his dashboard. But in a scenario where the user does import the malicious JSON file, the portal will not immediately send a token. Only in a corner case that a user configures the dashboard again from the portal will there be a token leak.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An elevation of privilege vulnerability exists when the data widget of the Azure Stack Hub dashboard feature does not properly sanitize the connection URL. An unauthenticated attacker could exploit this vulnerability by sending crafted malicious URL to the user. This can be used to exfiltrate the authentication token of a user by sharing a dashboard publicly and then sending the link of the dashboard to the user. If that user clicks on the data widget, the token will leak and can be used by the attacker. The security update addresses vulnerability by helping to ensure that Azure Stack Hub dashboard properly sanitizes connection URLs.</p> Azure Stack Microsoft Yes CVE-2024-38201 Improper Input Validation 11950 Elevation of Privilege 11950 Important 11950 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11950 Release Notes https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-apply-updates?view=azs-2311 11950 Maybe Security Update 1.2311.1.22 https://learn.microsoft.com/en-us/azure-stack/operator/release-notes?view=azs-2311 11950 Release Notes Felix Boulet with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberd&#233;fense (CGCD)</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Chromium: CVE-2024-6990 Uninitialized Use in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.86</td> <td>127.0.6533.88/89</td> <td>8/1/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6990 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-01T14:29:55 <p>Information published.</p> Chromium: CVE-2024-7256 Insufficient data validation in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.86</td> <td>127.0.6533.88/89</td> <td>8/1/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7256 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-01T14:30:02 <p>Information published.</p> Chromium: CVE-2024-7255 Out of bounds read in WebTransport <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.86</td> <td>127.0.6533.88/89</td> <td>8/1/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7255 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.86 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-01T14:30:00 <p>Information published.</p> Windows Mark of the Web Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> Windows Mark of the Web (MOTW) Microsoft Yes CVE-2024-38213 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11926 Moderate 11927 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 10729 Moderate 10735 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Moderate 10378 Moderate 10379 Moderate 10483 Moderate 10543 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11568 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11569 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11571 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11572 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11923 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11924 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11926 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11927 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11929 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11930 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 11931 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12085 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12086 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12097 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12098 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12099 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12242 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12243 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 12244 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10729 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10735 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10852 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10853 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10816 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10855 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10378 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10379 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10483 6.5 6.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C 10543 5039217 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039217 5037765 11568 11569 11571 11572 Yes Security Update 10.0.17763.5936 https://support.microsoft.com/help/5039217 11568 11569 11571 11572 5039217 5039217 https://support.microsoft.com/help/5039217 11568 11569 11571 11572 5039227 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039227 5037782 11923 11924 Yes Security Update 10.0.20348.2527 https://support.microsoft.com/help/5039227 11923 11924 5039227 5039227 https://support.microsoft.com/help/5039227 11923 11924 5039330 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039330 5037848 11923 11924 Yes Security Hotpatch Update 10.0.20348.2522 https://support.microsoft.com/help/5039330 11923 11924 5039330 5039213 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039213 5037770 11926 11927 Yes Security Update 10.0.22000.3019 https://support.microsoft.com/help/5039213 11926 11927 5039213 5039213 https://support.microsoft.com/help/5039213 11926 11927 5039211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039211 5037768 11929 11930 11931 Yes Security Update 10.0.19044.4529 https://support.microsoft.com/help/5039211 11929 11930 11931 5039211 5039211 https://support.microsoft.com/help/5039211 11929 11930 11931 12097 12098 12099 5039212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039212 5037771 12085 12086 Yes Security Update 10.0.22621.3737 https://support.microsoft.com/help/5039212 12085 12086 5039212 5039212 https://support.microsoft.com/help/5039212 12085 12086 12242 12243 5039211 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039211 5037768 12097 12098 12099 Yes Security Update 10.0.19045.4529 https://support.microsoft.com/help/5039211 12097 12098 12099 5039211 5039212 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039212 5037771 12242 12243 Yes Security Update 10.0.22631.3737 https://support.microsoft.com/help/5039212 12242 12243 5039212 5039236 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039236 5037781 12244 Yes Security Update 10.0.25398.950 https://support.microsoft.com/help/5039236 12244 5039236 5039236 https://support.microsoft.com/help/5039236 12244 5039225 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039225 5037788 10729 10735 Yes Security Update 10.0.10240.20680 https://support.microsoft.com/help/5039225 10729 10735 5039225 5039214 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039214 5037763 10852 10853 10816 10855 Yes Security Update 10.0.14393.7070 https://support.microsoft.com/help/5039214 10852 10853 10816 10855 5039214 5039260 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039260 5037778 10378 10379 Yes Monthly Rollup 6.2.9200.24919 https://support.microsoft.com/help/5039260 10378 10379 5039260 5039294 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039294 5037823 10483 10543 Yes Monthly Rollup 6.3.9600.22023 https://support.microsoft.com/help/5039294 10483 10543 5039294 <a href="https://twitter.com/thezdi">Simon Zuckerbraun and Peter Girnus (@gothburz) of Trend Micro</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in June 2024, but the CVE was inadvertently omitted from the June 2024 Security Updates. This is an informational change only. Customers who have already installed the June 2024 updates do not need to take any further action.</p> 1.1 2024-09-16T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Chromium: CVE-2024-7550 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7536 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:53 <p>Information published.</p> Chromium: CVE-2024-7536 Use after free in WebAudio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7535 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:52 <p>Information published.</p> Chromium: CVE-2024-7532 Out of bounds memory access in ANGLE <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7550 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:42 <p>Information published.</p> Chromium: CVE-2024-7533 Use after free in Sharing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7532 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:46 <p>Information published.</p> Chromium: CVE-2024-7535 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7534 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:50 <p>Information published.</p> Chromium: CVE-2024-7534 Heap buffer overflow in Layout <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7533 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-08T15:53:48 <p>Information published.</p> Adobe Systems Incorporated: CVE-2024-41879 Adobe PDF Viewer Remote Code Execution Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> <p><strong>Why is this Adobe CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Adobe software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> Adobe Adobe Yes CVE-2024-41879 Out-of-bounds Read 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 0x140ce 1.0 2024-08-22T07:00:00 <p>Information published.</p> 1.1 2024-09-19T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation requires the victim to perform multiple steps to trigger the vulnerability.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38209 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Nan Wang(@eternalsakura13) 1.0 2024-08-22T07:00:00 <p>Information published.</p> 1.1 2024-09-19T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Microsoft Entra ID Elevation of Privilege Vulnerability <p>Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability could disable Verifiable IDs on another tenant.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), or integrity (I:N), but has a high impact on availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploits this vulnerability cannot access or modify any sensitive user data but can cause user data to become unavailable.</p> Microsoft Entra ID Microsoft No CVE-2024-43477 Improper Access Control 12383 Elevation of Privilege 12383 Critical 12383 Publicly Disclosed:No;Exploited:No 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12383 Matt Morris 1.0 2024-08-22T07:00:00 <p>Information published.</p> Windows Secure Kernel Mode Elevation of Privilege Vulnerability <h1 id="summary">Summary:</h1> <p>As of July 10, 2025 Microsoft has completed mitigations to address this vulnerability. See <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a> and the <strong>Recommended Actions</strong> section of this CVE for guidance on how to protect your systems from this vulnerability.</p> <p>An elevation of privilege vulnerability exists in Windows based systems supporting <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs">Virtualization Based Security</a> (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.</p> <p><strong>Update: July 10, 2025</strong></p> <p>Microsoft has addressed this vulnerability for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a>.</p> <p><strong>Update: August 13, 2024</strong></p> <p>Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a> to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in <a href="https://support.microsoft.com/help/5042562">KB5042562</a>.</p> <h2 id="details">Details:</h2> <p>A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: <a href="https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs">Virtualization-based Security (VBS) | Microsoft Learn</a>.</p> <p>The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.</p> <p>Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. For more information see <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/08/09/security-update-guide-notification-system-news-create-your-profile-now/">Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center</a></p> <p>Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the <strong>Recommended Actions</strong> section to protect their systems.</p> <h2 id="recommended-actions">Recommended Actions:</h2> <p>Microsoft has released an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update.</p> <ul> <li>For Windows 10 1507 and later Windows version, and Windows Server 2016 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) to block vulnerable, unpatched versions of VBS system files from being loaded by the operating system. For more information, refer to <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a>.</li> </ul> <p><strong>Caution:</strong> There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in <a href="https://support.microsoft.com/help/5042562">KB5042562</a>.The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.</p> <ul> <li><p>Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.</p> </li> <li><p><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-file-system">Audit File System - Windows 10 | Microsoft Learn </a></p> </li> <li><p><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder">Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn</a></p> </li> <li><p>Auditing sensitive privileges used to identify access, modification, or replacement of VBS and Backup related files could help indicate attempts to exploit this vulnerability.</p> </li> <li><p><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-sensitive-privilege-use">Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn</a></p> </li> <li><p>Protect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials.</p> </li> <li><p><a href="https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk">Investigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft Learn</a></p> </li> <li><p>Enabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure.</p> </li> <li><p><a href="https://learn.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices#enforce-multifactor-verification-for-users">Enforce multifactor verification for users</a></p> </li> </ul> <h2 id="detections">Detections:</h2> <p>A detection has been added to Microsoft Defender for Endpoint (MDE) to alert customers using this product of an exploit attempt. Instructions for how Azure customers can integrate and enable MDE with Defender for Cloud are found here:</p> <ul> <li><a href="https://learn.microsoft.com/en-us/defender-endpoint/azure-server-integration">Integration with Microsoft Defender for Cloud - Microsoft Defender for Endpoint | Microsoft Learn </a></li> <li><a href="https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-defender-for-endpoint">Enable the Defender for Endpoint integration - Microsoft Defender for Cloud | Microsoft Learn</a></li> </ul> <p><strong>Note</strong>: False positives may be triggered by legitimate operations due to detection logic. Customers should investigate any alert for this detection to validate the root cause.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Secure Kernel Mode Microsoft Yes CVE-2024-21302 Improper Access Control 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5062557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062557 5060531 11568 11569 11571 11572 Yes Security Update 10.0.17763.7558 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5062557 5062557 https://support.microsoft.com/help/5062557 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11926 11927 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11926 11927 5055518 5055518 https://support.microsoft.com/help/5055518 11926 11927 12097 12098 12099 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 12390 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 12390 5055523 5055523 https://support.microsoft.com/help/5055523 12389 12390 5062561 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062561 5060998 10729 10735 Yes Security Update 10.0.10240.21073 https://support.microsoft.com/help/5062561 10729 10735 5062561 5062560 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5062560 5061010 10852 10853 10816 10855 Yes Security Update 10.0.14393.8246 https://support.microsoft.com/help/5062560 10852 10853 10816 10855 5062560 <a href="https://twitter.com/_0xdeku">Alon Leviev</a> with <a href="https://www.safebreach.com/">SafeBreach</a> 1.0 2024-08-07T07:00:00 <p>Information published.</p> 1.1 2024-08-08T07:00:00 <p>Added the Details, Recommended Actions, and Detections sections in the CVE Executive Summary because these were omitted when the CVE was initially published.</p> 3.1 2025-05-21T07:00:00 <p>Updated the build numbers. This is an informational update only.</p> 2.0 2024-08-13T07:00:00 <p>Microsoft has released the August 2024 security updates that include an opt-in mitigation available as an interim solution to help protect customers concerned about this vulnerability until the final mitigation is available in a security update. For more information, please see <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a>.</p> 3.0 2025-04-15T07:00:00 <p>To comprehensively address CVE-2024-21302, Microsoft has released April 2025 security updates for all supported editions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 4.0 2025-07-10T07:00:00 <p>Microsoft has released July 8, 2025 security updates for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018 that provide mitigations to protect these versions of Windows from this vulnerability. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in <a href="https://support.microsoft.com/help/5042562">KB5042562: Guidance for blocking rollback of virtualization-based security related updates</a>.</p> Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass <p><strong>Why is this Red Hat, Inc. CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Linux Shim boot. It is being documented in the Security Update Guide to announce that the latest builds of Microsoft Windows address this vulnerability by blocking old, unpatched, Linux boot loaders by applying SBAT (Secure Boot Advanced Targeting) EFI variables in the UEFI library. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> <p>For more information see: <a href="https://access.redhat.com/security/cve/CVE-2023-40547">CVE-2023-40547</a>.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> <p><strong>Will this update affect my ability to boot Linux after applying this update?</strong></p> <p>To address this security issue, Windows will apply a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security. The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems. You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.</p> <p><strong>Update, September 19, 2024</strong>: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt:</p> <p><code>reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f”</code></p> <p><strong>Update, May 16, 2024</strong>: The security updates released on May 13, 2025 apply improvements to SBAT for the detection of Linux systems, and address the known issue with dual booting for Windows and Linux.</p> Windows Secure Boot Red Hat, Inc. Yes CVE-2023-40547 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12389 12390 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12389 Security Feature Bypass 12390 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12389 Critical 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11568 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11569 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11571 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11572 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11923 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11924 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11926 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11927 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11929 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11930 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 11931 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12085 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12086 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12097 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12098 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12099 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12242 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12243 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12244 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10729 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10735 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10852 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10853 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10816 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10855 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10378 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10379 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10483 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 10543 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12389 8.3 8.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12390 5055519 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055519 5053596 11568 11569 11571 11572 Yes Security Update 10.0.17763.7136 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055519 5055519 https://support.microsoft.com/help/5055519 11568 11569 11571 11572 5055526 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055526 5053603 11923 11924 Yes Security Update 10.0.20348.3453 https://support.microsoft.com/help/5055526 11923 11924 5055526 5055526 https://support.microsoft.com/help/5055526 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 11929 11930 11931 Yes Security Update 10.0.19044.5737 https://support.microsoft.com/help/5055518 11929 11930 11931 5055518 5055518 https://support.microsoft.com/help/5055518 11929 11930 11931 12097 12098 12099 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12085 12086 12390 Yes Security Update 10.0.22621.5189 https://support.microsoft.com/help/5055528 12085 12086 12390 5055528 5055528 https://support.microsoft.com/help/5055528 12085 12086 12242 12243 12390 5055518 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055518 5053606 12097 12098 12099 Yes Security Update 10.0.19045.5737 https://support.microsoft.com/help/5055518 12097 12098 12099 5055518 5055528 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528 5053602 12242 12243 Yes Security Update 10.0.22631.5189 https://support.microsoft.com/help/5055528 12242 12243 5055528 5055527 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055527 5053599 12244 Yes Security Update 10.0.25398.1551 https://support.microsoft.com/help/5055527 12244 5055527 5055527 https://support.microsoft.com/help/5055527 12244 5055547 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055547 5053618 10729 10735 Yes Security Update 10.0.10240.20978 https://support.microsoft.com/help/5055547 10729 10735 5055547 5055521 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055521 5053594 10852 10853 10816 10855 Yes Security Update 10.0.14393.7969 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055521 5055521 https://support.microsoft.com/help/5055521 10852 10853 10816 10855 5055581 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055581 5053886 10378 10379 Yes Monthly Rollup 6.2.9200.25423 https://support.microsoft.com/help/5055581 10378 10379 5055581 5055557 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055557 5053887 10483 10543 Yes Monthly Rollup 6.3.9600.22523 https://support.microsoft.com/help/5055557 10483 10543 5055557 5055523 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055523 5053598 12389 Yes Security Update 10.0.26100.3775 https://support.microsoft.com/help/5055523 12389 5055523 5055523 https://support.microsoft.com/help/5055523 12389 Bill Demirkapi with Microsoft 3.0 2025-05-16T07:00:00 <p>In the Security Updates table, updated Download and Article links for all supported versions of Windows to the security updates released on May 13, 2025. These updates apply improvements to SBAT for the detection of Linux systems, and address the known issue with dual booting for Windows and Linux.</p> <p>Customers who experienced issues with dual booting Windows and Linux should install the May 13, 2025 security updates. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> 2.0 2024-09-19T07:00:00 <p>Updated FAQs with the following information: To address a known issue on systems with dual booting for Windows and Linux, we have reconfigured the manner in which this fix can be applied. Starting with the September 10, 2024 security updates, the fix will not automatically apply the SBAT update to the firmware. Customers who have applied the August 13, 2024 security updates will have the SBAT update in firmware and will be protected. Customers who have devices with Windows system only and who have not applied the August updates and who want to be protected from this issue can either apply the August 13, 2024 updates or apply the September 10, 2024 updates and set the following registry key from an Administrator command prompt:</p> <p><code>reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x400 /f”</code></p> Microsoft OfficePlus Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Office Microsoft Yes CVE-2024-38084 Improper Link Resolution Before File Access ('Link Following') 12353 Elevation of Privilege 12353 Important 12353 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12353 Release Notes https://www.officeplus.cn/addin/OPCN/?source=OPCNNAVI 12353 Maybe Security Update 3.2.0.27546 https://www.officeplus.cn/ 12353 Release Notes <a href="https://twitter.com/crispr56338851">Crispr Xiang(@Crispr)</a> with FDU 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows TCP/IP Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows TCP/IP Microsoft Yes CVE-2024-38063 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12389 Remote Code Execution 12390 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12389 Critical 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5043050 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043050 5041578 11568 11569 11571 11572 Yes Security Update 10.0.17763.6293 https://support.microsoft.com/help/5043050 11568 11569 11571 11572 5043050 5043050 https://support.microsoft.com/help/5043050 11568 11569 11571 11572 5042881 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042881 5041160 11923 11924 Yes Security Update 10.0.20348.2700 https://support.microsoft.com/help/5042881 11923 11924 5042881 5042881 https://support.microsoft.com/help/5042881 11923 11924 5043067 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043067 5041592 11926 11927 Yes Security Update 10.0.22000.3197 https://support.microsoft.com/help/5043067 11926 11927 5043067 5043067 https://support.microsoft.com/help/5043067 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:</p> <ul> <li>Systems are not affected if IPv6 is disabled on the target machine.</li> </ul> Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 2.0 2024-09-10T07:00:00 <p>To comprehensively address CVE-2024-38063, Microsoft has released September 2024 security updates for all affected versions of Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, and Windows 11 Version 21H2. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure Connected Machine Agent Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Azure Connected Machine Agent Microsoft Yes CVE-2024-38098 Improper Link Resolution Before File Access ('Link Following') 12264 Elevation of Privilege 12264 Important 12264 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12264 Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#upgrade-the-agent 12264 Maybe Security Update 1.44 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-144---july-2024 12264 Release Notes <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> <a href="https://twitter.com/sim0nsecurity">@sim0nsecurity</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Kernel Microsoft Yes CVE-2024-38106 Sensitive Data Storage in Improperly Locked Memory 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.0 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Power Dependency Coordinator Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Power Dependency Coordinator Microsoft Yes CVE-2024-38107 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10378 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10379 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12389 7.8 7.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kerberos Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Windows Kerberos Microsoft Yes CVE-2024-29995 Observable Timing Discrepancy 11568 11569 11571 11572 11923 11924 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 <a href="https://eyalro.net/">Eyal Ronen (Tel Aviv University)</a> with <a href="https://scholar.google.com/citations">Michal Shagam (Tel Aviv University)</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows IP Routing Management Snapin Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows IP Routing Management Snapin Microsoft Yes CVE-2024-38114 Heap-based Buffer Overflow 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 QingHe Xie FangMing Gu Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows IP Routing Management Snapin Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows IP Routing Management Snapin Microsoft Yes CVE-2024-38115 Heap-based Buffer Overflow 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous QingHe Xie FangMing Gu 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows IP Routing Management Snapin Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows IP Routing Management Snapin Microsoft Yes CVE-2024-38116 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12389 Remote Code Execution 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 QingHe Xie FangMing Gu Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> NTFS Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability an attacker must have an account with the User role assigned.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows NTFS Microsoft Yes CVE-2024-38117 Out-of-bounds Read 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 <a href="https://x.com/yarden_shafir">Yarden Shafir</a> hazard 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Local Security Authority Server (lsasrv) Microsoft Yes CVE-2024-38118 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12389 Information Disclosure 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38121 Heap-based Buffer Overflow 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of stack memory.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Local Security Authority Server (lsasrv) Microsoft Yes CVE-2024-38122 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Information Disclosure 12389 Information Disclosure 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38125 Numeric Truncation Error 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Network Address Translation (NAT) Microsoft Yes CVE-2024-38126 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 12390 12389 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Denial of Service 12390 Denial of Service 12389 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Important 12390 Important 12389 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12390 12389 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12390 12389 5041571 5041571 https://support.microsoft.com/help/5041571 12390 12389 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Kernel Microsoft Yes CVE-2024-38127 Buffer Over-read 11569 11571 11572 11923 11924 11926 11927 11931 12085 12086 12097 12242 12243 12244 10735 10853 10816 10855 10051 10049 10378 10379 10483 10543 12389 12390 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10735 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11931 Important 12085 Important 12086 Important 12097 Important 12242 Important 12243 Important 12244 Important 10735 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11931 12097 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10853 10816 10855 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/thunderj17">Thunder_J</a> with lichoin Fraunhofer FKIE CA&amp;D 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38128 Integer Overflow or Wraparound 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong><strong>How could an attacker exploit this vulnerability?</strong></strong></p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38130 Heap-based Buffer Overflow 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Clipboard Virtual Channel Extension Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Clipboard Virtual Channel Extension Microsoft Yes CVE-2024-38131 Sensitive Data Storage in Improperly Locked Memory 12389 12390 11568 11569 11571 11572 11849 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11849 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11849 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11849 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 Release Notes https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-125560 11849 Maybe Security Update 1.2.5560.0 https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-client-windows#updates-for-version-125560 11849 Release Notes 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 <a href="https://twitter.com/Mas0nShi">YingQi Shi (@Mas0n)</a> with <a href="https://www.dbappsecurity.com.cn/product/cloud250.html">DBAPPSecurity WeBin Lab</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Network Address Translation (NAT) Denial of Service Vulnerability <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Network Address Translation (NAT) Microsoft Yes CVE-2024-38132 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 12389 12390 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10483 Denial of Service 10543 Denial of Service 12389 Denial of Service 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Kernel Microsoft Yes CVE-2024-38133 Improper Neutralization of Special Elements 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://infosec.exchange/@xnyhps">Thijs Alkemade</a> with <a href="https://sector7.computest.nl/">Computest Sector 7</a> <a href="https://twitter.com/notkmhn">Khaled Nassar</a> with <a href="https://sector7.computest.nl/">Computest Sector 7</a> <a href="https://twitter.com/daankeuper">Daan Keuper</a> with <a href="https://sector7.computest.nl/">Computest Sector 7</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38134 Out-of-bounds Read 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10483 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows NT OS Kernel Microsoft Yes CVE-2024-38135 Buffer Over-read 12389 12390 12085 12086 12242 12243 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 12389 Important 12390 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 <a href="https://linkedin.com/in/dr-sr">Dan Reynolds</a> and <a href="https://twitter.com/20brokensp">Sam Pope</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Resource Manager Microsoft Yes CVE-2024-38136 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/uuulucky">luckyu</a> with NorthSea 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Resource Manager Microsoft Yes CVE-2024-38137 Sensitive Data Storage in Improperly Locked Memory Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/uuulucky">luckyu</a> with NorthSea 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Deployment Services Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker to be an authenticated Windows Deployment Services user and to request a certain operation via an RPC call.</p> Windows Deployment Services Microsoft Yes CVE-2024-38138 Use After Free 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5044277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044277 5043050 11571 11572 Yes Security Update 10.0.17763.6414 https://support.microsoft.com/help/5044277 11571 11572 5044277 5044277 https://support.microsoft.com/help/5044277 11571 11572 5042881 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042881 5041160 11923 11924 Yes Security Update 10.0.20348.2700 https://support.microsoft.com/help/5042881 11923 11924 5042881 5042881 https://support.microsoft.com/help/5042881 11923 11924 5043055 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043055 5041573 12244 Yes Security Update 10.0.25398.1128 https://support.microsoft.com/help/5043055 12244 5043055 5043051 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043051 5041773 10816 10855 Yes Security Update 10.0.14393.7336 https://support.microsoft.com/help/5043051 10816 10855 5043051 5043051 https://support.microsoft.com/help/5043051 10816 10855 5043135 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043135 5041850 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22870 https://support.microsoft.com/help/5043135 9312 10287 9318 9344 5043135 5043135 https://support.microsoft.com/help/5043135 9312 10287 9318 9344 5043087 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043087 9312 10287 9318 9344 Yes Security Only 6.0.6003.22870 https://support.microsoft.com/help/5043087 9312 10287 9318 9344 5043087 5043087 https://support.microsoft.com/help/5043087 9312 10287 9318 9344 5043129 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043129 5041838 10051 10049 Yes Monthly Rollup 6.1.7601.27320 https://support.microsoft.com/help/5043129 10051 10049 5043129 5043092 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043092 10051 10049 Yes Security Only 6.1.7601.27320 https://support.microsoft.com/help/5043092 10051 10049 5043092 5043125 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043125 5041851 10378 10379 Yes Monthly Rollup 6.2.9200.25073 https://support.microsoft.com/help/5043125 10378 10379 5043125 5043125 https://support.microsoft.com/help/5043125 10378 10379 5043138 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043138 5041828 10483 10543 Yes Monthly Rollup 6.3.9600.22175 https://support.microsoft.com/help/5043138 10483 10543 5043138 5043138 https://support.microsoft.com/help/5043138 10483 10543 <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 2.0 2024-09-10T07:00:00 <p>The following updates have been made to CVE-2024-38138: 1) In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. 2) Further, to comprehensively address this vulnerability, Microsoft has released September 2024 security updates for all affected versions of Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022, 23H2 Edition.</p> <p>Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.1 2024-10-10T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Reliable Multicast Transport Driver (RMCAST) Microsoft Yes CVE-2024-38140 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12390 12389 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12390 Remote Code Execution 12389 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Critical 12390 Critical 12389 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12390 12389 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12390 12389 5041571 5041571 https://support.microsoft.com/help/5041571 12390 12389 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</strong></p> <p>This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable.</p> <p>PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet.</p> Kyle Westhaus with Microsoft Offensive Research & Security Engineering (MORSE) 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Ancillary Function Driver for WinSock Microsoft Yes CVE-2024-38141 Use After Free 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could exploit the vulnerability by interacting with a malicious wireless network from the lock screen of a device. Successful exploitation of this vulnerability does not crash systems or allow unauthorized access. However, it can potentially leak sensitive information.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows WLAN Auto Config Service Microsoft Yes CVE-2024-38143 Missing Authentication for Critical Function 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.2 3.7 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 sunflower@knownsec404team <a href="https://github.com/johnjhacking">John Jackson</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38144 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> JeongOh Kyea of Theori working with <a href="https://ssd-disclosure.com/">SSD Secure Disclosure</a> anonymous with MatrixCup 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Layer-2 Bridge Network Driver Microsoft Yes CVE-2024-38145 NULL Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12389 12390 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Denial of Service 12389 Denial of Service 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Layer-2 Bridge Network Driver Microsoft Yes CVE-2024-38146 NULL Pointer Dereference 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 12389 Denial of Service 12390 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft DWM Core Library Elevation of Privilege Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows DWM Core Library Microsoft Yes CVE-2024-38147 Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Secure Channel Denial of Service Vulnerability <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Transport Security Layer (TLS) Microsoft Yes CVE-2024-38148 Out-of-bounds Read 12389 12390 11923 11924 11926 11927 12085 12086 12242 12243 12244 Denial of Service 12389 Denial of Service 12390 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 12085 Denial of Service 12086 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Important 12389 Important 12390 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows DWM Core Library Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows DWM Core Library Microsoft Yes CVE-2024-38150 Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a small amount of kernel memory which could be leaked back to the attacker.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Kernel Microsoft Yes CVE-2024-38151 Out-of-bounds Read 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 12389 Information Disclosure 12390 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Naceri with MSRC Vulnerabilities &amp; Mitigations 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows OLE Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Microsoft WDAC OLE DB provider for SQL Microsoft Yes CVE-2024-38152 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Remote Code Execution 12389 Remote Code Execution 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38154 Heap-based Buffer Overflow 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Security Center Broker Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Security Center Microsoft Yes CVE-2024-38155 Out-of-bounds Read 11568 11569 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12389 12390 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12389 Information Disclosure 12390 Important 11568 Important 11569 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12389 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 nevul37 with <a href="https://cwresearchlab.co.kr/">CW Research Inc.</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure IoT SDK Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Azure IoT SDK Microsoft Yes CVE-2024-38157 Double Free 11581 Remote Code Execution 11581 Important 11581 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11581 Release Notes https://github.com/Azure/azure-iot-sdk-c/releases/tag/LTS_03_2024_Ref02 11581 No Security Update 1.12.1 https://github.com/Azure/azure-iot-sdk-c/releases 11581 Release Notes <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure IoT SDK Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> Azure IoT SDK Microsoft Yes CVE-2024-38158 Use After Free 11502 Remote Code Execution 11502 Important 11502 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11502 Release Notes https://github.com/Azure/azure-iot-sdk-c/releases/tag/LTS_03_2024_Ref02 11502 No Security Update 1.12.1 https://github.com/Azure/azure-iot-sdk-c/releases 11502 Release Notes <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure Connected Machine Agent Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the &quot;NT AUTHORITY\SYSTEM&quot; account.</p> Azure Connected Machine Agent Microsoft Yes CVE-2024-38162 Improper Access Control 12264 Elevation of Privilege 12264 Important 12264 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12264 Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/servers/manage-agent?tabs=windows#upgrade-the-agent 12264 Maybe Security Update 1.44 https://learn.microsoft.com/en-us/azure/azure-arc/servers/agent-release-notes#version-144---july-2024 12264 Release Notes <a href="https://twitter.com/filip_dragovic">Filip Dragović</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Compressed Folder Tampering Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> Windows Compressed Folder Microsoft Yes CVE-2024-38165 External Control of File Name or Path 12085 12086 12242 12243 Tampering 12085 Tampering 12086 Tampering 12242 Tampering 12243 Important 12085 Important 12086 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 <a href="https://twitter.com/terrynini38514">Terrynini</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Microsoft Office Visio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Visio Microsoft Yes CVE-2024-38169 Heap-based Buffer Overflow 11573 11574 11762 11763 11952 11953 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run <a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero day Initiative</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Excel Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Excel Microsoft Yes CVE-2024-38170 Heap-based Buffer Overflow 11762 11763 11951 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Important 11762 Important 11763 Important 11951 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11762 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11763 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11951 Click to Run 11762 11763 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/office365-proplus-security-updates 11762 11763 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.88.24081116 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft PowerPoint Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office PowerPoint Microsoft Yes CVE-2024-38171 Use After Free 11573 11574 11762 11763 11951 11952 11953 10741 10742 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11951 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10741 Remote Code Execution 10742 Important 11573 Important 11574 Important 11762 Important 11763 Important 11951 Important 11952 Important 11953 Important 10741 Important 10742 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11951 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10741 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10742 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run Release Notes https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Maybe Security Update 16.88.24081116 https://go.microsoft.com/fwlink/p/?linkid=831049 11951 Release Notes 5002586 https://www.microsoft.com/en-us/download/details.aspx?id=106184 5002495 10741 Maybe Security Update 16.0.5461.1000 https://support.microsoft.com/help/5002586 10741 5002586 5002586 https://www.microsoft.com/en-us/download/details.aspx?id=106185 5002495 10742 Maybe Security Update 16.0.5461.1000 https://support.microsoft.com/help/5002586 10742 5002586 Anonymous working with Trend Micro Zero Day Initiative 1.1 2024-08-14T07:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H) and privileges required are low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An attacker must gain access to the victim user's Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Successful exploitation of this vulnerability requires a user to open a malicious email with an affected version of Microsoft Outlook and then perform specific actions to trigger the vulnerability.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>Yes, the Preview Pane is an attack vector.</p> Microsoft Office Outlook Microsoft Yes CVE-2024-38173 External Control of File Name or Path 11573 11574 11762 11763 11952 11953 10765 10766 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10765 Remote Code Execution 10766 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10765 Important 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10765 6.7 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002626 https://www.microsoft.com/en-us/download/details.aspx?id=106182 5002621 10765 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002626 10765 5002626 5002626 https://www.microsoft.com/en-us/download/details.aspx?id=106183 5002621 10766 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002626 10766 5002626 <a href="https://www.linkedin.com/in/arnoldosipov/">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://www.linkedin.com/in/smgoreli/">Michael Gorelik</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://www.linkedin.com/in/shmuel-uzan-aa21ab158/">Shmuel Uzan</a> with <a href="https://www.morphisec.com/">Morphisec</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.1 2024-08-14T07:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> Windows App Installer Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The attacker must convince a user to call Windows App Installer with a specially crafted malicious winget file.</p> <p><strong>How can I find more information regarding Windows App Installer and Winget?</strong></p> <p>Please read this page to understand more about App Installer: <a href="https://learn.microsoft.com/en-us/windows/msix/app-installer/install-update-app-installer">Installing the App Installer</a>.</p> Windows App Installer Microsoft Yes CVE-2024-38177 Improper Encoding or Escaping of Output 11981 Spoofing 11981 Important 11981 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11981 Release Notes https://aka.ms/getwinget 11981 No Security Update 1.22.11261.0 https://learn.microsoft.com/en-us/windows/msix/app-installer/install-update-app-installer 11981 Release Notes Felix Boulet 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows SmartScreen Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>A user needs to be tricked into running malicious files.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows SmartScreen Microsoft Yes CVE-2024-38180 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 9312 Security Feature Bypass 10287 Security Feature Bypass 9318 Security Feature Bypass 9344 Security Feature Bypass 10051 Security Feature Bypass 10049 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Security Feature Bypass 12389 Security Feature Bypass 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 <a href="https://twitter.com/dwbzn">Harry Withington</a> with <a href="https://www.aurainfosec.com/">Aura Information Security</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38185 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://talosintelligence.com/">Philippe Laulheret</a> with <a href="https://www.talosintelligence.com/vulnerability_reports">Cisco Talos</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38186 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://talosintelligence.com/">Philippe Laulheret</a> with <a href="https://www.talosintelligence.com/vulnerability_reports">Cisco Talos</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38187 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://blog.talosintelligence.com/">Philippe Laulheret</a> with <a href="https://www.talosintelligence.com/vulnerability_reports">Cisco Talos</a> 1.0 2024-08-13T07:00:00 <p>Information published. This CVE was addressed by updates that were released in July 2024, but the CVE was inadvertently omitted from the July 2024 Security Updates. This is an informational change only. Customers who have already installed the July 2024 updates do not need to take any further action.</p> Microsoft Project Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>Exploitation requires the victim to open a malicious Microsoft Office Project file on a system where the <a href="https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked#block-macros-from-running-in-office-files-from-the-internet">Block macros from running in Office files from the Internet</a> policy is disabled and <a href="https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked#vba-macro-notification-settings">VBA Macro Notification Settings</a> are not enabled allowing the attacker to perform remote code execution.</p> <ul> <li>In an email attack scenario, an attacker could send the malicious file to the victim and convince them to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a malicious file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force the victim to visit the website. Instead, an attacker would have to convince the victim to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the malicious file.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> Microsoft Office Project Microsoft Yes CVE-2024-38189 Improper Input Validation 11573 11574 11762 11763 10760 10761 11953 11952 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 10760 Remote Code Execution 10761 Remote Code Execution 11953 Remote Code Execution 11952 Important 11573 Important 11574 Important 11762 Important 11763 Important 10760 Important 10761 Important 11953 Important 11952 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11573 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11574 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11762 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11763 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10760 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10761 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11953 8.8 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11952 Click to Run 11573 11574 11762 11763 11953 11952 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11953 11952 Click to Run 5002561 https://www.microsoft.com/en-us/download/details.aspx?id=106186 5002328 10760 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002561 10760 5002561 5002561 https://www.microsoft.com/en-us/download/details.aspx?id=106187 5002328 10761 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002561 10761 5002561 <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx#Mitigation">mitigating factors</a> might be helpful in your situation:</strong></p> <p>Microsoft strongly recommends customers do not disable the <a href="https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked#block-macros-from-running-in-office-files-from-the-internet">Block macros from running in Office files from the Internet</a> policy which protects against this vulnerability. However, customers who have disabled this policy can alternatively enable <a href="https://learn.microsoft.com/en-us/microsoft-365-apps/security/internet-macros-blocked#vba-macro-notification-settings">VBA Macro Notification Settings</a> to protect their systems from this vulnerability being exploited.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.1 2024-08-14T07:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> Azure CycleCloud Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with permissions to execute commands on the Azure CycleCloud instance could send a specially crafted request that returns the storage account credentials and runtime data. The attacker can then use the comprised credentials to access the underlying storage resources and upload malicious scripts which will be executed as Root, enabling remote code execution to be performed on any cluster in the CycleCloud instance.</p> Azure CycleCloud Microsoft Yes CVE-2024-38195 Improper Access Control 11905 12102 12333 12371 12372 12373 12374 12375 12376 12377 12378 12379 12380 12381 12398 12399 Remote Code Execution 11905 Remote Code Execution 12102 Remote Code Execution 12333 Remote Code Execution 12371 Remote Code Execution 12372 Remote Code Execution 12373 Remote Code Execution 12374 Remote Code Execution 12375 Remote Code Execution 12376 Remote Code Execution 12377 Remote Code Execution 12378 Remote Code Execution 12379 Remote Code Execution 12380 Remote Code Execution 12381 Remote Code Execution 12398 Remote Code Execution 12399 Important 11905 Important 12102 Important 12333 Important 12371 Important 12372 Important 12373 Important 12374 Important 12375 Important 12376 Important 12377 Important 12378 Important 12379 Important 12380 Important 12381 Important 12398 Important 12399 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11905 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12102 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12333 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12371 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12372 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12373 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12374 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12375 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12376 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12377 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12380 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12381 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12398 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12399 Release Notes https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/upgrade-and-migrate?view=cyclecloud-8 11905 12102 12333 12371 12372 12373 12374 12375 12376 12377 12378 12379 12380 12381 12398 12399 Maybe Security Update 8.6.3 https://learn.microsoft.com/en-us/azure/cyclecloud/release-notes?view=cyclecloud-8 11905 12102 12333 12371 12372 12373 12374 12375 12376 12377 12378 12379 12380 12381 12398 12399 Release Notes Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Update Stack Elevation of Privilege Vulnerability <p><strong>How do I protect myself from this vulnerability?</strong></p> <p>The vulnerability pertains to a previous installer version which has been superseded by the new WinRE installer. Since the vulnerability is only exploitable at the install time, users need to take no action to be protected from this vulnerability. See the linked Article in the Security Updates table about the update for your particular Windows version.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How do I know if I need to install the update to be protected from this vulnerability?</strong></p> <p>You do not need to install the standalone updates listed in the Security Updates table if either of the following applies:</p> <ol> <li>You have installed the January 9, 2024 or newer SafeOS Dynamic Update for your operating system, available on the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Safe+OS">Microsoft Update Catalog</a>.</li> <li>If the WinRE image on your machine has a version greater than or equal to the following, based on the installed operating system. To determine the version of your WinRE image, check the WinREVersion registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion:</li> </ol> <ul> <li>Windows 11, version 21H2: WinRE Version must be &gt;= 10.0.22000.2710</li> <li>Windows Server 2022: WinRE Version must be &gt;= 10.0.20348.2201</li> <li>Windows 10, version 21H2 and Windows 10, version 22H2: WinRE Version must be &gt;= 10.0.19041.3920</li> </ul> <p>Note that the update will not be offered if your machine does not have enough free space on your WinRE Recovery Partition, or if you do not have WinRE enabled.</p> Windows Update Stack Microsoft Yes CVE-2024-38163 Improper Access Control 11923 11926 11929 11931 12097 12099 Elevation of Privilege 11923 Elevation of Privilege 11926 Elevation of Privilege 11929 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12099 Important 11923 Important 11926 Important 11929 Important 11931 Important 12097 Important 12099 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 5042322 https://support.microsoft.com/help/5042322 5034439 11923 Maybe Security Update 10.0.20348.2201 https://support.microsoft.com/help/5042322 11923 5042322 5042321 https://support.microsoft.com/help/5042321 5034440 11926 Maybe Security Update 10.0.22000.2710 https://support.microsoft.com/help/5042321 11926 5042321 5042320 https://support.microsoft.com/help/5042320 5034441 11929 11931 12097 12099 Maybe Security Update 10.0.19041.3920 https://support.microsoft.com/help/5042320 11929 11931 12097 12099 5042320 <a href="https://www.linkedin.com/in/ilan-kotler-pt/">Ilan Kotler</a> <a href="https://medium.com/@spoppi">Sandro Poppi</a> Nicholas Zubrisky (@NZubrisky) of Trend Micro Zero Day Initiative 1.0 2024-08-13T07:00:00 <p>Information published.</p> 1.1 2024-10-03T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> Microsoft Office Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p><strong>Am I vulnerable to this issue until I install the August 13, 2024 updates?</strong></p> <p>No, we identified an alternative fix to this issue that we enabled via Feature Flighting on 7/30/2024. Customers are already protected on all in-support versions of Microsoft Office and Microsoft 365. Customers should still update to the August 13, 2024 updates for the final version of the fix.</p> <p><strong>When will a final update be available to address this vulnerability?</strong></p> <p>The Security Updates table will be revised when the update is publicly available. If you wish to be notified when these update is released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See <a href="https://technet.microsoft.com/en-us/security/dd252948">Microsoft Technical Security Notifications</a> and <a href="https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/">Coming Soon: New Security Update Guide Notification System</a>.</p> <p><strong>There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?</strong></p> <p>Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.</p> Microsoft Office Microsoft Yes CVE-2024-38200 Exposure of Sensitive Information to an Unauthorized Actor 11573 11574 11762 11763 11952 11953 10753 10754 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11952 Spoofing 11953 Spoofing 10753 Spoofing 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10753 Important 10754 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10753 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002625 https://www.microsoft.com/en-us/download/details.aspx?id=106180 5002620 10753 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002625 10753 5002625 5002570 https://www.microsoft.com/en-us/download/details.aspx?id=106178 5002519 10753 Maybe Security Update 16.0.5461.1000 https://support.microsoft.com/help/5002570 10753 5002570 5002625 https://www.microsoft.com/en-us/download/details.aspx?id=106181 5002620 10754 Maybe Security Update 16.0.5461.1001 https://support.microsoft.com/help/5002625 10754 5002625 5002570 https://www.microsoft.com/en-us/download/details.aspx?id=106179 5002519 10754 Maybe Security Update 16.0.5461.1000 https://support.microsoft.com/help/5002570 10754 5002570 <p><strong>The following <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers">mitigating factors</a> may be helpful in your situation:</strong></p> <p>Configuring the <a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers#policy-management">Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers</a> policy setting provides the ability to allow, block, or audit outgoing NTLM traffic from a computer running Windows Server 2008, Windows Server 2008 R2, or later to any remote server running the Windows operating system. Performing this mitigation allows you to block or audit all attempts to connect to remote servers through NTLM authentication. <strong>Please note:</strong> Modifying this policy setting may affect compatibility with client computers, services, and applications.</p> <p><strong>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factors</a> may be helpful in your situation:</strong></p> <ul> <li>Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM. Consider using it for high value accounts such as Domain Admins when possible. <strong>Please note:</strong> This may cause impact to applications that require NTLM, however the settings will revert once the user is removed from the Protected Users Group. Please see <a href="https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group">Protected Users Security Group</a> for more information.</li> <li>Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.</li> </ul> Metin Yunus Kandemir <a href="https://jimsrush/">JimSRush</a> with <a href="https://privsec.nz/">PrivSec Consulting</a> 2.0 2024-08-13T07:00:00 <p>Security Updates table updated provide links to the KB articles and download center updates. Microsoft recommends installing the updates.</p> 1.0 2024-08-08T07:00:00 <p>Information published.</p> 1.1 2024-08-09T07:00:00 <p>Added FAQ information. This is an informational change only.</p> 1.2 2024-08-10T07:00:00 <p>Updated the Publicly Disclosed information.</p> Redhat: CVE-2022-3775 grub2 - Heap based out-of-bounds write when rendering certain Unicode sequences https://nvd.nist.gov/vuln/detail/CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> <p><strong>Why is this Redhat CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Linux shim <a href="https://github.com/rhboot/shim">rhboot/shim</a>, a bootloader designed to support Secure Boot on systems that are running Linux. It is being documented in the Security Update Guide to announce that the latest builds of Windows are no longer vulnerable to this security feature bypass using Linux shim. Please see <a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a> for more information.</p> Windows Secure Boot Red Hat, Inc. Yes CVE-2022-3775 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 12357 12356 12138 12137 12140 12139 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 12389 Remote Code Execution 12390 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 12357 12356 12138 12137 12140 12139 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 12389 Critical 12390 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10378 Critical 10379 Critical 10483 Critical 10543 12357 12356 12138 12137 12140 12139 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11568 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11569 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11571 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11572 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11923 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11924 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11926 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11927 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11929 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11930 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 11931 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12085 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12097 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12098 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12099 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12242 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12243 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12244 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12389 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12390 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10729 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10735 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10852 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10853 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10816 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10855 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10378 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10379 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10483 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 10543 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12357 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12356 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12138 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12137 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12140 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 12139 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 grub2 12357 grub2-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-rpm-macros-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-configuration-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 grub2-tools-minimal-2.06-18.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-14 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12357 grub2 grub2 12356 grub2-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-rpm-macros-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-configuration-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 grub2-tools-minimal-2.06-18.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-14 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12356 grub2 grub2 12138 grub2-2.06~rc1-10.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06~rc1-10.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06~rc1-10.cm1.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06~rc1-10.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06~rc1-10 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12138 grub2 grub2 12137 grub2-2.06~rc1-10.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06~rc1-10.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06~rc1-10.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06~rc1-10.cm1.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06~rc1-10.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06~rc1-10 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12137 grub2 grub2 12140 grub2-2.06-10.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-10.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-10.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-10.cm2.aarch64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-10.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-10 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12140 grub2 grub2 12139 grub2-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-pc-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-unsigned-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 grub2-efi-binary-noprefix-2.06-10.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.06-10 https://nvd.nist.gov/vuln/detail/CVE-2022-3775 12139 grub2 Bill Demirkapi with Microsoft 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Microsoft Dynamics Microsoft Yes CVE-2024-38211 URL Redirection to Untrusted Site ('Open Redirect') 11921 Spoofing 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 11921 5041557 https://www.microsoft.com/en-us/download/details.aspx?id=106191 11921 Maybe Security Update 1.31 https://support.microsoft.com/help/5041557 11921 5041557 <a href="https://www.linkedin.com/in/michaelboeynaems/">Michael Boeynaems</a> with <a href="https://www.splynter.be/">Splynter</a> Felix Boulet with <a href="https://www.cyber.gouv.qc.ca/">Centre gouvernemental de cyberd&#233;fense (CGCD)</a> 1.1 2024-08-14T07:00:00 <p>Corrected Download links in the Security Updates table. This is an informational change only.</p> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38120 Heap-based Buffer Overflow 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>This attack requires an admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.</p> Windows Routing and Remote Access Service (RRAS) Microsoft Yes CVE-2024-38214 Out-of-bounds Read 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 12244 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Cloud Files Mini Filter Driver Microsoft Yes CVE-2024-38215 Integer Overflow or Wraparound 12389 12390 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 12389 Important 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 Ezrakiez with MatrixCup 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Dynamics 365 Cross-site Scripting Vulnerability <p>An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Dynamics Microsoft No CVE-2024-38166 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12388 Spoofing 12388 Critical 12388 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.2 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 12388 Jhilakshi 1.0 2024-08-06T07:00:00 <p>Information published.</p> Microsoft Copilot Studio Information Disclosure Vulnerability <p>An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Copilot Studio Microsoft No CVE-2024-38206 Server-Side Request Forgery (SSRF) 12400 Information Disclosure 12400 Critical 12400 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.5 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C 12400 <a href="https://twitter.com/stargravy">Evan Grant</a> with <a href="https://tenable.com/">Tenable</a> 1.0 2024-08-06T07:00:00 <p>Information published.</p> Microsoft Edge (HTML-based) Memory Corruption Vulnerability <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38218 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Nan Wang(@eternalsakura13) 1.0 2024-08-08T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.98</td> <td>127.0.6533.99/.100</td> <td>8/8/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a contained execution environment escape. Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer Isolation</a> for more information.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38219 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 127.0.2651.98 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a> 1.0 2024-08-08T07:00:00 <p>Information published.</p> Windows Initial Machine Configuration Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker needs physical access to the victim's machine.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker can use a specially crafted IMC.hiv file (with the registry configuration that needs to be changed), which could lead to elevation of privilege.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Initial Machine Configuration Microsoft Yes CVE-2024-38223 Improper Access Control 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 12389 12390 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 12389 Elevation of Privilege 12390 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 12389 Important 12390 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Anonymous 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure Health Bot Elevation of Privilege Vulnerability <p>An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Azure Health Bot Microsoft No CVE-2024-38109 Server-Side Request Forgery (SSRF) 12401 Elevation of Privilege 12401 Critical 12401 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C 12401 <a href="https://twitter.com/dinobytes">Jimi Sebree</a> with <a href="https://tenable.com/">Tenable</a> 1.0 2024-08-13T07:00:00 <p>Information published.</p> Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability <p>An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and major loss of integrity (I:H) but have no effect on availability (A:N). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability allows an attacker to view highly sensitive resource information (C:H) and results in a total loss of protection for that data (I:H), but does not provide the capability to impact resource availability.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker with permissions to deploy User Defined Functions (UDF) in an Azure Managed Instance for Apache Cassandra cluster can send specially crafted requests to the underlying host and extract credentials for managed identities of other clusters on the same host node. The compromised credentials enable the attacker to impersonate the victim's managed identity and retrieve information from other clusters hosted on the node which could be outside of the attacker's tenant.</p> Azure Managed Instance for Apache Cassandra Microsoft No CVE-2024-38175 Improper Access Control 12387 Elevation of Privilege 12387 Critical 12387 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.6 8.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C 12387 <a href="https://twitter.com/wtm_offensi">wtm</a> with <a href="https://offensi.com/">Offensi</a> 1.0 2024-08-20T07:00:00 <p>Information published.</p> 1.1 2024-10-10T07:00:00 <p>Updated product information in the Software Update table. This is an informational change only.</p> Microsoft Edge for Android Spoofing Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> Microsoft Edge for Android Microsoft Yes CVE-2024-38208 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11815 Spoofing 11815 Moderate 11815 Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11815 Release Notes 11815 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11815 Release Notes <a href="https://www.instagram.com/zaid_ghiffarii/">MUHAMMAD ZAID GHIFARI</a> with <a href="https://www.instagram.com/sobatcyberid/">KALIMANTAN UTARA</a> 1.0 2024-08-22T07:00:00 <p>Information published.</p> 1.1 2024-09-19T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Microsoft Edge (HTML-based) Memory Corruption Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>Successful exploitation of this vulnerability requires requires the victim to click a malicious link for an attacker to initiate remote code execution of valid opcodes.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38207 Access of Resource Using Incompatible Type ('Type Confusion') 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.3 5.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Nan Wang(@eternalsakura13) 1.0 2024-08-22T07:00:00 <p>Information published.</p> 1.1 2024-09-19T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation requires the victim to perform multiple steps to trigger the vulnerability.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38210 Out-of-bounds Read 11655 Remote Code Execution 11655 Important 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes Nan Wang(@eternalsakura13) 1.0 2024-08-22T07:00:00 <p>Information published.</p> 1.1 2024-09-19T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Windows Update Stack Elevation of Privilege Vulnerability <h1 id="summary">Summary</h1> <p>Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.</p> <p>Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. <strong>Note:</strong> Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the <strong>Recommended Actions</strong> section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.</p> <p>If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">subscribe</a> to Security Update Guide notifications to receive an alert if an update occurs.</p> <h2 id="details">Details</h2> <p>A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Update potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.</p> <p>Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. <strong>Note:</strong> Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information. Guidance for customers who cannot immediately implement the update is provided in the <strong>Recommended Actions</strong> section of this CVE to help reduce the risks associated with this vulnerability and to protect their systems.</p> <p>If there are any further updates regarding mitigations for this vulnerability, this CVE will be updated and customers will be notified. We highly encourage customers to <a href="https://www.microsoft.com/en-us/msrc/technical-security-notifications?rtc=1">subscribe</a> to Security Update Guide notifications to receive an alert if an update occurs.</p> <p>Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the <strong>Recommended Actions</strong> section to protect their systems.</p> <h2 id="recommended-actions">Recommended Actions</h2> <p>The following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.</p> <ul> <li><p>Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.</p> <ul> <li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-file-system">Audit File System - Windows 10 | Microsoft Learn</a></li> <li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder">Apply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn</a></li> </ul> </li> <li><p>Audit users with permission to perform Update and Restore operations to ensure only the appropriate users can perform these operations.</p> <ul> <li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege">Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn</a></li> </ul> </li> <li><p>Implement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Update files and perform Restore operations to appropriate users, for example administrators only.</p> <ul> <li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-sensitive-privilege-use">Access Control overview | Microsoft Learn</a></li> <li><a href="https://learn.microsoft.com/en-us/windows/win32/secbp/creating-a-dacl">Discretionary Access Control Lists (DACL)</a></li> </ul> </li> <li><p>Auditing sensitive privileges used to identify access, modification, or replacement of Update related files could help indicate attempts to exploit this vulnerability.</p> <ul> <li><a href="https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/audit-sensitive-privilege-use">Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn</a></li> </ul> </li> </ul> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must have permissions to access the target's System directory to plant the malicious folder that would be used as part of the exploitation.</p> <p><strong>Are there additional steps that I need to take to be protected from this vulnerability?</strong></p> <p>Depending on the version of Windows you are running, you might need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability.</p> <p>For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of the Latest Cumulative Update if you are getting updates from Windows Update and WSUS:</p> <ul> <li>Windows 11 Version 24H2 for x64-based Systems</li> <li>Windows 11 Version 24H2 for ARM64-based Systems</li> <li>Windows 11 Version 23H2 for x64-based Systems</li> <li>Windows 11 Version 23H2 for ARM64-based Systems</li> <li>Windows 11 Version 22H2 for x64-based Systems</li> <li>Windows 11 Version 22H2 for ARM64-based Systems</li> </ul> <p>For the following versions of Windows, the WinRE updates listed are available. These updates automatically apply the latest Safe OS Dynamic Update to WinRE from the running Windows OS:</p> <ul> <li>Windows Server 2022 (Server Core installation) (<a href="https://support.microsoft.com/help/5046399">KB5046399: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: October 8, 2024</a>)</li> <li>Windows Server 2022 (<a href="https://support.microsoft.com/help/5046399">KB5046399: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: October 8, 2024</a>)</li> <li>Windows Server 2022, 23H2 Edition (Server Core installation) (<a href="https://support.microsoft.com/help/5046399">KB5046399: Windows Recovery Environment update for Azure Stack HCI, version 22H2 and Windows Server 2022: October 8, 2024</a>)</li> <li>Windows 11 version 21H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5046398">KB5046398: Windows Recovery Environment update for Windows 11, version 21H2: October 8, 2024</a>)</li> <li>Windows 10 Version 22H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5046400">KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024</a>)</li> <li>Windows 10 Version 22H2 for 32-bit Systems (<a href="https://support.microsoft.com/help/5046400">KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024</a>)</li> <li>Windows 10 Version 21H2 for x64-based Systems (<a href="https://support.microsoft.com/help/5046400">KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024</a>)</li> <li>Windows 10 Version 21H2 for 32-bit Systems (<a href="https://support.microsoft.com/help/5046400">KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024</a>)</li> </ul> <p>As an alternative to updates provided in the preceding list or if your version of Windows is not listed, you can download the latest Windows Safe OS Dynamic Update from the <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%20Safe%20OS%20Dynamic%20Update">Microsoft Update Catalog</a> then apply the WinRE update. For more information reference <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11">Add an update package to Windows RE</a>. To automate your installation, Microsoft has developed a sample script that can help with updating WinRE from the running Windows OS. Please see <a href="https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10">KB5034957: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666</a> for more information.</p> <p><strong>How do I check whether WinRE has successfully updated?</strong></p> <p>Use DISM /Get-Packages on a mounted WinRE image to ensure the latest Safe OS Dynamic Update package is present. For more information, see <a href="https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#check-the-winre-image-version">Check the WinRE image version</a>.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker must convince or trick an administrative user into performing a system restore.</p> Windows Update Stack Microsoft Yes CVE-2024-38202 Improper Access Control 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11568 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11569 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11571 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11572 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11923 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11924 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11926 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11927 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11929 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11930 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 11931 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12085 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12086 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12097 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12098 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12099 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12242 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12243 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 12244 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 10852 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 10853 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 10816 7.3 6.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C 10855 5044277 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044277 5043050 11568 11569 11571 11572 Yes Security Update 10.0.17763.6414 https://support.microsoft.com/help/5044277 11568 11569 11571 11572 5044277 5044277 https://support.microsoft.com/help/5044277 11568 11569 11571 11572 5044281 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044281 5042881 11923 11924 Yes Security Update 10.0.20348.2762 https://support.microsoft.com/help/5044281 11923 11924 5044281 5044281 https://support.microsoft.com/help/5044281 11923 11924 5044280 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044280 5043067 11926 11927 Yes Security Update 10.0.22000.3260 https://support.microsoft.com/help/5044280 11926 11927 5044280 5044273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044273 5043064 11929 11930 11931 Yes Security Update 10.0.19044.5011 https://support.microsoft.com/help/5044273 11929 11930 11931 5044273 5044273 https://support.microsoft.com/help/5044273 11929 11930 11931 12097 12098 12099 5044285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044285 5043076 12085 12086 Yes Security Update 10.0.22621.4317 https://support.microsoft.com/help/5044285 12085 12086 5044285 5044273 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044273 5043064 12097 12098 12099 Yes Security Update 10.0.19045.5011 https://support.microsoft.com/help/5044273 12097 12098 12099 5044273 5044285 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044285 5043076 12242 12243 Yes Security Update 10.0.22631.4317 https://support.microsoft.com/help/5044285 12242 12243 5044285 5044288 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044288 5043055 12244 Yes Security Update 10.0.25398.1189 https://support.microsoft.com/help/5044288 12244 5044288 5044288 https://support.microsoft.com/help/5044288 12244 5044293 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5044293 5043051 10852 10853 10816 10855 Yes Security Update 10.0.14393.7428 https://support.microsoft.com/help/5044293 10852 10853 10816 10855 5044293 <a href="https://twitter.com/_0xdeku">Alon Leviev</a> with <a href="https://safebreach.com/">SafeBreach</a> 1.0 2024-08-07T07:00:00 <p>Information published.</p> 1.1 2024-08-08T07:00:00 <p>Added an additional recommended action option and edited the details of a separate recommended action in the CVE Executive Summary.</p> 2.0 2024-10-08T07:00:00 <p>To address this elevation of privilege vulnerability Microsoft has released October 2024 security updates for all affected versions of Windows. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. In addition, depending on the version of Windows you are running, you might need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability. Please refer to the FAQ section for more information.</p> 2.1 2024-10-15T07:00:00 <p>Executive Summary revised to correct the availability status of security updates which mitigate this vulnerability as they were released October 08, 2024 and are provided in the Security Updates table of this CVE. This is an informational change only.</p> Windows DNS Spoofing Vulnerability Microsoft Windows DNS Microsoft Yes CVE-2024-37968 Insufficient Verification of Data Authenticity 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 12244 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11923 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11924 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12244 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 7.5 6.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 Yunyi Zhang with NUDT 1.0 2024-08-13T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?</strong></p> <p>This vulnerability could allow an attacker to disclose information and affect the integrity and availability of the system.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>This vulnerability could lead to a browser sandbox escape.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> <p>Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.105</td> <td>127.0.6533.120</td> <td>8/15/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-43472 Use After Free 11655 Elevation of Privilege 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.8 5.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 127.0.2651.105 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes osarc with VRI 1.0 2024-08-15T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7975 Inappropriate implementation in Permissions <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7975 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7976 Inappropriate implementation in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7976 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7973 Heap buffer overflow in PDFium <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7973 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7979 Insufficient data validation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7979 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7972 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7972 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7978 Insufficient policy enforcement in Data Transfer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7978 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7977 Insufficient data validation in Installer <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7977 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Chromium: CVE-2024-7974 Insufficient data validation in V8 API <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>128.0.2739.42</td> <td>128.0.6613.84/.85</td> <td>8/22/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7974 11655 11655 11655 Release Notes 11655 No Security Update 128.0.2739.42 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-08-22T07:00:00 <p>Information published.</p> Windows Secure Kernel Mode Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Secure Kernel Mode Microsoft Yes CVE-2024-38142 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Maxime Villard, of M.O.R.S.E. 1.0 2024-08-13T07:00:00 <p>Information published.</p> Windows Kernel Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?</strong></p> <p>The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.</p> Windows Kernel Microsoft Yes CVE-2024-38153 Time-of-check Time-of-use (TOCTOU) Race Condition 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 12389 12390 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Elevation of Privilege 12389 Elevation of Privilege 12390 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Important 12389 Important 12390 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 5041578 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041578 5040430 11568 11569 11571 11572 Yes Security Update 10.0.17763.6189 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041578 5041578 https://support.microsoft.com/help/5041578 11568 11569 11571 11572 5041160 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041160 5040437 11923 11924 Yes Security Update 10.0.20348.2655 https://support.microsoft.com/help/5041160 11923 11924 5041160 5041160 https://support.microsoft.com/help/5041160 11923 11924 5041592 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041592 5040431 11926 11927 Yes Security Update 10.0.22000.3147 https://support.microsoft.com/help/5041592 11926 11927 5041592 5041592 https://support.microsoft.com/help/5041592 11926 11927 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 11929 11930 11931 Yes Security Update 10.0.19044.4780 https://support.microsoft.com/help/5041580 11929 11930 11931 5041580 5041580 https://support.microsoft.com/help/5041580 11929 11930 11931 12097 12098 12099 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12085 12086 Yes Security Update 10.0.22621.4037 https://support.microsoft.com/help/5041585 12085 12086 5041585 5041585 https://support.microsoft.com/help/5041585 12085 12086 12242 12243 5041580 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041580 5040427 12097 12098 12099 Yes Security Update 10.0.19045.4780 https://support.microsoft.com/help/5041580 12097 12098 12099 5041580 5041585 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041585 5040442 12242 12243 Yes Security Update 10.0.22631.4037 https://support.microsoft.com/help/5041585 12242 12243 5041585 5041573 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041573 5040438 12244 Yes Security Update 10.0.25398.1085 https://support.microsoft.com/help/5041573 12244 5041573 5041782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041782 5040448 10729 10735 Yes Security Update 10.0.10240.20751 https://support.microsoft.com/help/5041782 10729 10735 5041782 5041782 https://support.microsoft.com/help/5041782 10729 10735 5041773 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041773 5040434 10852 10853 10816 10855 Yes Security Update 10.0.14393.7259 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041773 5041773 https://support.microsoft.com/help/5041773 10852 10853 10816 10855 5041850 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041850 5040499 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22825 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041850 5041850 https://support.microsoft.com/help/5041850 9312 10287 9318 9344 5041847 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041847 9312 10287 9318 9344 Yes Security Only 6.0.6003.22825 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041847 5041847 https://support.microsoft.com/help/5041847 9312 10287 9318 9344 5041838 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041838 5040497 10051 10049 Yes Monthly Rollup 6.1.7601.27277 https://support.microsoft.com/help/5041838 10051 10049 5041838 5041838 https://support.microsoft.com/help/5041838 10051 10049 5041823 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041823 10051 10049 Yes Security Only 6.1.7601.27277 https://support.microsoft.com/help/5041823 10051 10049 5041823 5041851 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041851 5040485 10378 10379 Yes Monthly Rollup 6.2.9200.25031 https://support.microsoft.com/help/5041851 10378 10379 5041851 5041851 https://support.microsoft.com/help/5041851 10378 10379 5041828 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041828 5040456 10483 10543 Yes Monthly Rollup 6.3.9600.22134 https://support.microsoft.com/help/5041828 10483 10543 5041828 5041828 https://support.microsoft.com/help/5041828 10483 10543 5041571 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5041571 5040435 12389 12390 Yes Security Update 10.0.26100.1457 https://support.microsoft.com/help/5041571 12389 12390 5041571 5041571 https://support.microsoft.com/help/5041571 12389 12390 Maxime Villard, of M.O.R.S.E. 1.0 2024-08-13T07:00:00 <p>Information published.</p>