July 2024 Security Updates Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2024-Jul 2024-Jul Final 1.0 479 2026-05-17T14:51:12 July 2024 Security Updates 2024-07-09T07:00:00 2026-05-17T14:51:12 <h2 id="this-release-consists-of-the-following-143-microsoft-cves">This release consists of the following 143 Microsoft CVEs:</h2> <table> <thead> <tr> <th>Tag</th> <th>CVE</th> <th>Base Score</th> <th>CVSS Vector</th> <th>Exploitability</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-20701">CVE-2024-20701</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21303">CVE-2024-21303</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21308">CVE-2024-21308</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21317">CVE-2024-21317</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21331">CVE-2024-21331</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21332">CVE-2024-21332</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21333">CVE-2024-21333</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21335">CVE-2024-21335</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21373">CVE-2024-21373</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21398">CVE-2024-21398</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21414">CVE-2024-21414</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21415">CVE-2024-21415</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows CoreMessaging</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21417">CVE-2024-21417</a></td> <td>8.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21425">CVE-2024-21425</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21428">CVE-2024-21428</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21449">CVE-2024-21449</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-26184">CVE-2024-26184</a></td> <td>6.8</td> <td>CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-28899">CVE-2024-28899</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-28928">CVE-2024-28928</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MultiPoint Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30013">CVE-2024-30013</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30061">CVE-2024-30061</a></td> <td>7.3</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30071">CVE-2024-30071</a></td> <td>4.7</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Access Connection Manager</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30079">CVE-2024-30079</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows NTLM</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30081">CVE-2024-30081</a></td> <td>7.1</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Cryptographic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30098">CVE-2024-30098</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30105">CVE-2024-30105</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-32987">CVE-2024-32987</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35256">CVE-2024-35256</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Network Watcher</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35261">CVE-2024-35261</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35264">CVE-2024-35264</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35266">CVE-2024-35266</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure DevOps</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35267">CVE-2024-35267</a></td> <td>7.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows iSCSI</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35270">CVE-2024-35270</a></td> <td>5.3</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35271">CVE-2024-35271</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-35272">CVE-2024-35272</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37318">CVE-2024-37318</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37319">CVE-2024-37319</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37320">CVE-2024-37320</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37321">CVE-2024-37321</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37322">CVE-2024-37322</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37323">CVE-2024-37323</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37324">CVE-2024-37324</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37326">CVE-2024-37326</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37327">CVE-2024-37327</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37328">CVE-2024-37328</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37329">CVE-2024-37329</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37330">CVE-2024-37330</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37331">CVE-2024-37331</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37332">CVE-2024-37332</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37333">CVE-2024-37333</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37334">CVE-2024-37334</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37336">CVE-2024-37336</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37969">CVE-2024-37969</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37970">CVE-2024-37970</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37971">CVE-2024-37971</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37972">CVE-2024-37972</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37973">CVE-2024-37973</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37974">CVE-2024-37974</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37975">CVE-2024-37975</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37977">CVE-2024-37977</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37978">CVE-2024-37978</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37981">CVE-2024-37981</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37984">CVE-2024-37984</a></td> <td>8.4</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37986">CVE-2024-37986</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37987">CVE-2024-37987</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37988">CVE-2024-37988</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37989">CVE-2024-37989</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38010">CVE-2024-38010</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38011">CVE-2024-38011</a></td> <td>8.0</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Server Backup</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38013">CVE-2024-38013</a></td> <td>6.7</td> <td>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38015">CVE-2024-38015</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Message Queuing</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38017">CVE-2024-38017</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38019">CVE-2024-38019</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office Outlook</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38020">CVE-2024-38020</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38021">CVE-2024-38021</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Image Acquisition</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38022">CVE-2024-38022</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38023">CVE-2024-38023</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38024">CVE-2024-38024</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38025">CVE-2024-38025</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Line Printer Daemon Service (LPD)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38027">CVE-2024-38027</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Performance Monitor</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38028">CVE-2024-38028</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Themes</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38030">CVE-2024-38030</a></td> <td>6.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38031">CVE-2024-38031</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>XBox Crypto Graphic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38032">CVE-2024-38032</a></td> <td>7.1</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38033">CVE-2024-38033</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Filtering</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38034">CVE-2024-38034</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Kernel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38041">CVE-2024-38041</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38043">CVE-2024-38043</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows DHCP Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38044">CVE-2024-38044</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows PowerShell</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38047">CVE-2024-38047</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>NDIS</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38048">CVE-2024-38048</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Distributed Transaction Coordinator</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38049">CVE-2024-38049</a></td> <td>6.6</td> <td>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Workstation Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38050">CVE-2024-38050</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38051">CVE-2024-38051</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38052">CVE-2024-38052</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38053">CVE-2024-38053</a></td> <td>8.8</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38054">CVE-2024-38054</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38055">CVE-2024-38055</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38056">CVE-2024-38056</a></td> <td>5.5</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Streaming Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38057">CVE-2024-38057</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows BitLocker</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38058">CVE-2024-38058</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - ICOMP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38059">CVE-2024-38059</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Windows Codecs Library</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38060">CVE-2024-38060</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Active Directory Certificate Services; Active Directory Domain Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38061">CVE-2024-38061</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Kernel-Mode Drivers</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38062">CVE-2024-38062</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows TCP/IP</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38064">CVE-2024-38064</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Secure Boot</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38065">CVE-2024-38065</a></td> <td>6.8</td> <td>CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32K - GRFX</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38066">CVE-2024-38066</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38067">CVE-2024-38067</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Online Certificate Status Protocol (OCSP)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38068">CVE-2024-38068</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Enroll Engine</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38069">CVE-2024-38069</a></td> <td>7.0</td> <td>CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows LockDown Policy (WLDP)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38070">CVE-2024-38070</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38071">CVE-2024-38071</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38072">CVE-2024-38072</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38073">CVE-2024-38073</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38074">CVE-2024-38074</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Active Directory Federation Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38075">CVE-2024-38075</a></td> <td>7.4</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38076">CVE-2024-38076</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38077">CVE-2024-38077</a></td> <td>9.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>XBox Crypto Graphic Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38078">CVE-2024-38078</a></td> <td>7.5</td> <td>CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Graphics Component</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38079">CVE-2024-38079</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Role: Windows Hyper-V</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080">CVE-2024-38080</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38081">CVE-2024-38081</a></td> <td>7.3</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Win32 Kernel Subsystem</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38085">CVE-2024-38085</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure Kinect SDK</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38086">CVE-2024-38086</a></td> <td>6.4</td> <td>CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38087">CVE-2024-38087</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>SQL Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38088">CVE-2024-38088</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Defender for IoT</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38089">CVE-2024-38089</a></td> <td>9.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft WS-Discovery</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38091">CVE-2024-38091</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Azure CycleCloud</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38092">CVE-2024-38092</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Office SharePoint</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38094">CVE-2024-38094</a></td> <td>7.2</td> <td>CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>.NET and Visual Studio</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38095">CVE-2024-38095</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Remote Desktop Licensing Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38099">CVE-2024-38099</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows COM Session</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38100">CVE-2024-38100</a></td> <td>7.8</td> <td>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation More Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38101">CVE-2024-38101</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38102">CVE-2024-38102</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38103">CVE-2024-38103</a></td> <td>5.9</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Fax and Scan Service</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38104">CVE-2024-38104</a></td> <td>8.8</td> <td>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows Internet Connection Sharing (ICS)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38105">CVE-2024-38105</a></td> <td>6.5</td> <td>CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Windows MSHTML Platform</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38112">CVE-2024-38112</a></td> <td>7.5</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C</td> <td>Exploitation Detected</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38156">CVE-2024-38156</a></td> <td>6.1</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GroupMe</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38164">CVE-2024-38164</a></td> <td>9.6</td> <td>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GroupMe</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38176">CVE-2024-38176</a></td> <td>8.1</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>N/A</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Microsoft Dynamics</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38182">CVE-2024-38182</a></td> <td>9.0</td> <td>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C</td> <td>Exploitation Less Likely</td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="we-are-republishing-30-non-microsoft-cves">We are republishing 30 non-Microsoft CVEs:</h2> <table> <thead> <tr> <th>CNA</th> <th>Tag</th> <th>CVE</th> <th>FAQs?</th> <th>Workarounds?</th> <th>Mitigations?</th> </tr> </thead> <tbody> <tr> <td>CERT/CC</td> <td>NPS RADIUS Server</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-3596">CVE-2024-3596</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Intel</td> <td>Intel</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-37985">CVE-2024-37985</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>GitHub</td> <td>Active Directory Rights Management Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38517">CVE-2024-38517</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Adobe Systems Incorporated</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-39379">CVE-2024-39379</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Github</td> <td>Active Directory Rights Management Services</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-39684">CVE-2024-39684</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Red Hat, Inc.</td> <td>Open Source Software</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6387">CVE-2024-6387</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6772">CVE-2024-6772</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6773">CVE-2024-6773</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6774">CVE-2024-6774</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6775">CVE-2024-6775</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6776">CVE-2024-6776</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6777">CVE-2024-6777</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6778">CVE-2024-6778</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6779">CVE-2024-6779</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6988">CVE-2024-6988</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6989">CVE-2024-6989</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6991">CVE-2024-6991</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6992">CVE-2024-6992</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6993">CVE-2024-6993</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6994">CVE-2024-6994</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6995">CVE-2024-6995</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6996">CVE-2024-6996</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6997">CVE-2024-6997</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6998">CVE-2024-6998</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-6999">CVE-2024-6999</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7000">CVE-2024-7000</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7001">CVE-2024-7001</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7003">CVE-2024-7003</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7004">CVE-2024-7004</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> <tr> <td>Chrome</td> <td>Microsoft Edge (Chromium-based)</td> <td><a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-7005">CVE-2024-7005</a></td> <td><strong>Yes</strong></td> <td>No</td> <td>No</td> </tr> </tbody> </table> <h2 id="security-update-guide-blog-posts">Security Update Guide Blog Posts</h2> <table> <thead> <tr> <th>Date</th> <th>Blog Post</th> </tr> </thead> <tbody> <tr> <td>June 27, 2024</td> <td><a href="https://msrc.microsoft.com/blog/2024/06/toward-greater-transparency-unveiling-cloud-service-cves/">Toward greater transparency: Unveiling Cloud Service CVEs</a></td> </tr> <tr> <td>April 9, 2024</td> <td><a href="https://aka.ms/MSRC-CWE-Blog">Toward greater transparency: Security Update Guide now shares CWEs for CVEs</a></td> </tr> <tr> <td>January 6, 2023</td> <td><a href="https://msrc.microsoft.com/blog/2023/01/publishing-cbl-mariner-cves-on-the-security-update-guide-cvrf-api/">Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API</a></td> </tr> <tr> <td>January 11, 2022</td> <td><a href="https://aka.ms/SUGNotificationProfile">Coming Soon: New Security Update Guide Notification System</a></td> </tr> <tr> <td>February 9, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/02/09/continuing-to-listen-good-news-about-the-security-update-guide-api/">Continuing to Listen: Good News about the Security Update Guide API</a></td> </tr> <tr> <td>January 13, 2021</td> <td><a href="https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/">Security Update Guide Supports CVEs Assigned by Industry Partners</a></td> </tr> <tr> <td>December 8, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/12/08/security-update-guide-lets-keep-the-conversation-going/">Security Update Guide: Let’s keep the conversation going</a></td> </tr> <tr> <td>November 9, 2020</td> <td><a href="https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/">Vulnerability Descriptions in the New Version of the Security Update Guide</a></td> </tr> </tbody> </table> <h2 id="relevant-resources">Relevant Resources</h2> <ul> <li>The new Hotpatching feature is now generally available. Please see <a href="https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-18529-thmaure">Hotpatching feature for Windows Server Azure Edition virtual machines (VMs)</a> for more information.</li> <li>Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the <a href="https://www.catalog.update.microsoft.com/Home.aspx">Microsoft Update Catalog</a>. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see <a href="https://docs.microsoft.com/en-us/lifecycle/faq/windows">Windows Lifecycle Facts Sheet</a>.</li> <li>Microsoft is improving Windows Release Notes. For more information, please see <a href="https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-next-for-windows-release-notes/ba-p/1754399">What's next for Windows release notes</a>.</li> <li>A list of the latest servicing stack updates for each operating system can be found in <a href="https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001">ADV990001</a>. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.</li> <li>In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.</li> <li>Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See <a href="https://support.microsoft.com/en-us/topic/procedure-to-continue-receiving-security-updates-after-extended-support-ends-on-january-14-2020-48c59204-fe67-3f42-84fc-c3c3145ff28e">4522133</a> for more information.</li> </ul> <h2 id="known-issues">Known Issues</h2> <p>You can see these in more detail from the Deployments tab by selecting <strong>Known Issues</strong> column in the <strong>Edit Columns</strong> panel.</p> <p>For more information about Windows Known Issues, please see <a href="https://docs.microsoft.com/en-us/windows/release-information/windows-message-center">Windows message center</a> (links to currently-supported versions of Windows are in the left pane).</p> <table> <thead> <tr> <th>KB Article</th> <th>Applies To</th> </tr> </thead> <tbody> <tr> <td><a href="https://support.microsoft.com/help/5002615">5002615</a></td> <td>Microsoft SharePoint Server 2019</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5002618">5002618</a></td> <td>Microsoft SharePoint Enterprise Server 2016</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040427">5040427</a></td> <td>Windows 10, version 21H2, Windows 10, version 22H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040431">5040431</a></td> <td>Windows 11, version 21H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040437">5040437</a></td> <td>Windows Server 2022</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040442">5040442</a></td> <td>Windows 11, version 22H2, Windows 11, version 23H2</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040490">5040490</a></td> <td>Windows Server 2008 (Security-only update)</td> </tr> <tr> <td><a href="https://support.microsoft.com/help/5040499">5040499</a></td> <td>Windows Server 2008 (Monthly Rollup)</td> </tr> </tbody> </table> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Microsoft Dynamics 365 (on-premises) version 9.1 Dynamics 365 Field Service (on-premises) v7 series Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2025 (Server Core installation) Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2025 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems .NET 6.0 .NET 8.0 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Visual Studio 2022 version 17.11 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) PowerShell 7.4 PowerShell 7.2 Microsoft SQL Server 2017 for x64-based Systems (GDR) Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft SQL Server 2022 for x64-based Systems (CU 13) Microsoft SQL Server 2019 for x64-based Systems (CU 27) Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Azure Kinect SDK Azure Network Watcher VM Extension for Windows Azure DevOps Server 2022.1 Azure CycleCloud 7.9.10 Azure CycleCloud 8.2.0 Azure CycleCloud 8.0.0 Azure CycleCloud 8.6.0 Azure CycleCloud 7.9.0 Azure CycleCloud 7.9.3 Azure CycleCloud 7.9.1 Azure CycleCloud 7.9.9 Azure CycleCloud 7.9.8 Azure CycleCloud 7.9.11 Azure CycleCloud 8.0.1 Azure CycleCloud 7.9.2 Azure CycleCloud 7.9.6 Azure CycleCloud 7.9.4 Azure CycleCloud 7.9.5 Azure CycleCloud 7.9.7 Azure CycleCloud 8.0.2 Azure CycleCloud 8.1.1 Azure CycleCloud 8.2.1 Azure CycleCloud 8.1.0 Azure CycleCloud 8.2.2 Azure CycleCloud 8.3.0 Azure CycleCloud 8.4.1 Azure CycleCloud 8.4.0 Azure CycleCloud 8.4.2 Azure CycleCloud 8.5.0 Azure Kubernetes Service Node on Azure Linux Azure Kubernetes Service Node on Ubuntu Linux Azure Arc Resource Bridge on Azure Arc-enabled VMware vSphere Azure Arc Resource Bridge on Azure Arc-enabled System Center Virtual Machine Manager Azure Arc Resource Bridge on Azure Stack HCI Microsoft Defender for IoT GroupMe Microsoft Edge (Chromium-based) CBL Mariner 2.0 ARM CBL Mariner 2.0 x64 Azure Linux 3.0 x64 Azure Linux 3.0 ARM CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 (Server Core installation) Microsoft SharePoint Enterprise Server 2016 Microsoft SQL Server 2017 for x64-based Systems (GDR) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Microsoft Office 2019 for 32-bit editions Microsoft Office 2019 for 64-bit editions Microsoft SharePoint Server 2019 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.8 on Windows Server 2012 Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2012 R2 Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 4.8 on Windows Server 2016 Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) Microsoft Edge (Chromium-based) Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1607 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) Dynamics 365 Field Service (on-premises) v7 series Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft SQL Server 2019 for x64-based Systems (GDR) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Azure CycleCloud 7.9.10 Azure CycleCloud 8.2.0 Microsoft Dynamics 365 (on-premises) version 9.1 Windows Server 2022 Windows Server 2022 (Server Core installation) Windows 11 version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Defender for IoT PowerShell 7.2 .NET 6.0 Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Azure CycleCloud 8.0.0 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft Visual Studio 2022 version 17.4 Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems CBL Mariner 1.0 x64 CBL Mariner 1.0 ARM CBL Mariner 2.0 x64 CBL Mariner 2.0 ARM Microsoft SQL Server 2017 for x64-based Systems (CU 31) Microsoft SQL Server 2022 for x64-based Systems (GDR) Microsoft OLE DB Driver 19 for SQL Server Microsoft OLE DB Driver 18 for SQL Server Microsoft Visual Studio 2022 version 17.6 Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) .NET 8.0 PowerShell 7.4 Azure DevOps Server 2022.1 Microsoft Visual Studio 2022 version 17.8 Microsoft Visual Studio 2022 version 17.10 Azure CycleCloud 8.6.0 Microsoft SQL Server 2022 for x64-based Systems (CU 13) Microsoft SQL Server 2019 for x64-based Systems (CU 27) Azure Linux 3.0 x64 Azure Linux 3.0 ARM Azure Kinect SDK Azure Network Watcher VM Extension for Windows Azure CycleCloud 7.9.0 Azure CycleCloud 7.9.1 Azure CycleCloud 7.9.2 Azure CycleCloud 7.9.3 Azure CycleCloud 7.9.4 Azure CycleCloud 7.9.5 Azure CycleCloud 7.9.6 Azure CycleCloud 7.9.7 Azure CycleCloud 7.9.8 Azure CycleCloud 7.9.9 Azure CycleCloud 7.9.11 Azure CycleCloud 8.0.1 Azure CycleCloud 8.0.2 Azure CycleCloud 8.1.0 Azure CycleCloud 8.1.1 Azure CycleCloud 8.2.2 Azure CycleCloud 8.2.1 Azure CycleCloud 8.3.0 Azure CycleCloud 8.4.0 Azure CycleCloud 8.4.1 Azure CycleCloud 8.4.2 Azure CycleCloud 8.5.0 GroupMe Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Azure Arc Resource Bridge on Azure Arc-enabled VMware vSphere Azure Arc Resource Bridge on Azure Arc-enabled System Center Virtual Machine Manager Azure Arc Resource Bridge on Azure Stack HCI Azure Kubernetes Service Node on Azure Linux Azure Kubernetes Service Node on Ubuntu Linux Microsoft Visual Studio 2022 version 17.11 Windows Server 2025 Windows Server 2025 (Server Core installation) azl3 kernel 6.6.22.1-2 on Azure Linux 3.0 cbl2 kernel 5.15.186.1-1 on CBL Mariner 2.0 cbl2 python3 3.9.19-12 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.176.3-1 on CBL Mariner 2.0 cbl2 kernel 5.15.173.1-1 on CBL Mariner 2.0 cbl2 mysql 8.0.41-1 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 kernel 5.15.167.1-1 on CBL Mariner 2.0 cbl2 mysql 8.0.40-1 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 mysql 8.0.36-1 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 cbl2 kernel 5.15.163.1-1 on CBL Mariner 2.0 cbl2 rust 1.68.0-1 on CBL Mariner 2.0 cbl2 python-twisted 22.10.0-3 on CBL Mariner 2.0 cbl2 curl 8.8.0-1 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-7 on CBL Mariner 2.0 cbl2 httpd 2.4.62-1 on CBL Mariner 2.0 cbl2 python-idna 3.7-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-13 on CBL Mariner 2.0 cbl2 httpd 2.4.61-1 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-7 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-4 on CBL Mariner 2.0 cbl2 kernel 5.15.160.1-1 on CBL Mariner 2.0 cbl2 httpd 2.4.59-1 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 azl3 qemu 8.2.0-16 on Azure Linux 3.0 azl3 qemu 8.2.0-14 on Azure Linux 3.0 azl3 cmake 3.30.3-6 on Azure Linux 3.0 azl3 kernel 6.6.64.2-9 on Azure Linux 3.0 azl3 mysql 8.0.41-1 on Azure Linux 3.0 azl3 tensorflow 2.16.1-7 on Azure Linux 3.0 azl3 python3 3.12.3-5 on Azure Linux 3.0 azl3 cmake 3.30.3-4 on Azure Linux 3.0 azl3 curl 8.8.0-4 on Azure Linux 3.0 azl3 ruby 3.3.5-1 on Azure Linux 3.0 azl3 python3 3.12.9-1 on Azure Linux 3.0 azl3 mysql 8.0.40-1 on Azure Linux 3.0 azl3 cmake 3.30.3-2 on Azure Linux 3.0 azl3 curl 8.8.0-1 on Azure Linux 3.0 azl3 kernel 6.6.47.1-1 on Azure Linux 3.0 azl3 kernel 6.6.43.1-7 on Azure Linux 3.0 azl3 tensorflow 2.16.1-9 on Azure Linux 3.0 azl3 rubygem-rexml 3.3.4-1 on Azure Linux 3.0 azl3 ruby 3.3.3-2 on Azure Linux 3.0 azl3 kernel 6.6.35.1-5 on Azure Linux 3.0 azl3 python-twisted 22.10.0-3 on Azure Linux 3.0 azl3 orc 0.4.39-2 on Azure Linux 3.0 azl3 moby-engine 25.0.3-5 on Azure Linux 3.0 azl3 kernel 6.6.35.1-1 on Azure Linux 3.0 azl3 bind 9.20.0-1 on Azure Linux 3.0 azl3 qtbase 6.6.2-1 on Azure Linux 3.0 azl3 httpd 2.4.61-1 on Azure Linux 3.0 azl3 keepalived 2.3.1-1 on Azure Linux 3.0 azl3 httpd 2.4.62-1 on Azure Linux 3.0 azl3 gtk2 2.24.32-12 on Azure Linux 3.0 azl3 gtk3 3.24.28-10 on Azure Linux 3.0 azl3 python-setuptools 69.0.3-4 on Azure Linux 3.0 azl3 python-pip 24.2-1 on Azure Linux 3.0 azl3 exiv2 0.28.3-1 on Azure Linux 3.0 azl3 python-pip 24.0-2 on Azure Linux 3.0 azl3 python-idna 3.7-1 on Azure Linux 3.0 azl3 openssh 9.8p1-1 on Azure Linux 3.0 azl3 libcontainers-common 20240213-2 on Azure Linux 3.0 azl3 telegraf 1.31.0-2 on Azure Linux 3.0 azl3 golang 1.22.5-1 on Azure Linux 3.0 azl3 rubygem-rexml 3.2.8-1 on Azure Linux 3.0 azl3 libcontainers-common 20240213-3 on Azure Linux 3.0 cbl2 kernel 5.15.147.1-1 on CBL Mariner 2.0 cbl2 golang 1.21.0-1 on CBL Mariner 2.0 cbl2 msft-golang 1.21.0-1 on CBL Mariner 2.0 azl3 golang 1.21.0-1 on Azure Linux 3.0 azl3 bind 9.19.21-1 on Azure Linux 3.0 azl3 openssh 9.7p1-1 on Azure Linux 3.0 azl3 python-twisted 22.10.0-4 on Azure Linux 3.0 azl3 gcc 13.2.0-7 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 kernel 5.15.32.1-3 on CBL Mariner 2.0 azl3 mozjs 102.15.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 ntopng 5.2.1-5 on Azure Linux 3.0 azl3 telegraf 1.31.0-10 on Azure Linux 3.0 azl3 pytorch 2.2.2-7 on Azure Linux 3.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 azl3 fluent-bit 3.1.9-4 on Azure Linux 3.0 azl3 python-setuptools 69.0.3-5 on Azure Linux 3.0 azl3 kernel 6.6.92.2-1 on Azure Linux 3.0 azl3 opa 0.63.0-2 on Azure Linux 3.0 cbl2 qemu 6.2.0-24 on CBL Mariner 2.0 azl3 ceph 18.2.2-8 on Azure Linux 3.0 cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.164.1-1 on CBL Mariner 2.0 azl3 rust 1.75.0-14 on Azure Linux 3.0 cbl2 kernel 5.15.180.1-1 on CBL Mariner 2.0 cbl2 mysql 8.0.36-1 on CBL Mariner 2.0 azl3 golang 1.23.9-1 on Azure Linux 3.0 cbl2 python3 3.9.19-13 on CBL Mariner 2.0 cbl2 kernel 5.15.182.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-1 on Azure Linux 3.0 azl3 rust 1.86.0-1 on Azure Linux 3.0 azl3 mysql 8.0.36-1 on Azure Linux 3.0 azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0 azl3 golang 1.24.3-1 on Azure Linux 3.0 cbl2 kernel 5.15.160.1-1 on CBL Mariner 2.0 cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0 cbl2 gcc 11.2.0-8 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-4 on CBL Mariner 2.0 cbl2 rust 1.72.0-10 on CBL Mariner 2.0 cbl2 ruby 3.1.4-9 on CBL Mariner 2.0 cbl2 rubygem-rexml 3.2.7-4 on CBL Mariner 2.0 azl3 moby-engine 25.0.3-13 on Azure Linux 3.0 cbl2 msft-golang 1.24.1-2 on CBL Mariner 2.0 cbl2 kernel 5.15.162.2-1 on CBL Mariner 2.0 cbl2 telegraf 1.29.4-15 on CBL Mariner 2.0 cbl2 qt5-qtbase 5.12.11-15 on CBL Mariner 2.0 cbl2 bind 9.16.50-1 on CBL Mariner 2.0 azl3 qtbase 6.6.1-1 on Azure Linux 3.0 cbl2 golang 1.22.7-3 on CBL Mariner 2.0 cbl2 dhcp 4.4.3.P1-2 on CBL Mariner 2.0 cbl2 golang 1.18.8-8 on CBL Mariner 2.0 azl3 golang 1.23.8-1 on Azure Linux 3.0 cbl2 httpd 2.4.59-1 on CBL Mariner 2.0 azl3 httpd 2.4.58-4 on Azure Linux 3.0 cbl2 golang 1.18.8-7 on CBL Mariner 2.0 cbl2 fluent-bit 3.0.6-2 on CBL Mariner 2.0 cbl2 moby-engine 24.0.9-17 on CBL Mariner 2.0 cbl2 libcontainers-common 20210626-7 on CBL Mariner 2.0 cbl2 curl 8.8.0-6 on CBL Mariner 2.0 cbl2 ceph 16.2.10-7 on CBL Mariner 2.0 cbl2 python-virtualenv 20.26.6-1 on CBL Mariner 2.0 cbl2 mysql 8.0.41-1 on CBL Mariner 2.0 cbl2 python-idna 3.3-1 on CBL Mariner 2.0 azl3 python-idna 3.6-1 on Azure Linux 3.0 cbl2 kernel 5.15.173.1-1 on CBL Mariner 2.0 cbl2 pytorch 2.0.0-9 on CBL Mariner 2.0 cbl2 python-twisted 22.10.0-4 on CBL Mariner 2.0 cbl2 gtk2 2.24.32-12 on CBL Mariner 2.0 cbl2 gtk3 3.24.28-10 on CBL Mariner 2.0 cbl2 keepalived 2.3.1-1 on CBL Mariner 2.0 cbl2 opa 0.63.0-4 on CBL Mariner 2.0 cbl2 reaper 3.1.1-19 on CBL Mariner 2.0 cbl2 ntopng 5.2.1-2 on CBL Mariner 2.0 cbl2 fmt 8.1.1-1 on CBL Mariner 2.0 cbl2 golang 1.18.8-9 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-5 on CBL Mariner 2.0 cbl2 opa 0.63.0-5 on CBL Mariner 2.0 azl3 kernel 6.6.96.2-2 on Azure Linux 3.0 cbl2 golang 1.18.8-10 on CBL Mariner 2.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 kernel 6.6.104.2-4 on Azure Linux 3.0 azl3 kernel 6.6.112.1-2 on Azure Linux 3.0 cbl2 reaper 3.1.1-21 on CBL Mariner 2.0 azl3 kernel 6.6.117.1-1 on Azure Linux 3.0 cbl2 reaper 3.1.1-22 on CBL Mariner 2.0 cbl2 prometheus 2.37.9-6 on CBL Mariner 2.0 azl3 kernel 6.6.119.3-1 on Azure Linux 3.0 azl3 kernel 6.6.119.3-3 on Azure Linux 3.0 azl3 kernel 6.6.121.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.200.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.126.1-1 on Azure Linux 3.0 cbl2 kernel 5.15.202.1-1 on CBL Mariner 2.0 azl3 kernel 6.6.130.1-3 on Azure Linux 3.0 azl3 kernel 6.6.134.1-2 on Azure Linux 3.0 azl3 kernel 6.6.137.1-2 on Azure Linux 3.0 azl3 kernel 6.6.138.1-1 on Azure Linux 3.0 azl3 kernel 6.6.139.1-1 on Azure Linux 3.0 Microsoft .NET Framework 3.5 on Windows Server 2012 Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2012 R2 Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) Microsoft .NET Framework 3.5 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 A flood of DNS messages over TCP may make the server unstable <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-0760 Allocation of Resources Without Limits or Throttling 17676-17084 18169-17084 17676-17084 18169-17084 Important 17676-17084 Important 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 CBL-Mariner Releases 17676-17084 18169-17084 No Security Update 9.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17676-17084 18169-17084 CBL-Mariner Releases 1.1 2026-02-18T02:38:37 <p>Information published.</p> 1.0 2024-08-15T00:00:00 <p>Information published.</p> BIND's database will be slow if a very large number of RRs exist at the same name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-1737 Allocation of Resources Without Limits or Throttling 17676-17084 18169-17084 19739-17086 19750-17086 17676-17084 18169-17084 19739-17086 19750-17086 Important 17676-17084 Important 18169-17084 Important 19739-17086 Important 19750-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19739-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19750-17086 CBL-Mariner Releases 17676-17084 18169-17084 No Security Update 9.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17676-17084 18169-17084 CBL-Mariner Releases CBL-Mariner Releases 19739-17086 No Security Update 9.16.50-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19739-17086 CBL-Mariner Releases CBL-Mariner Releases 19750-17086 No Security Update 4.4.3.P1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19750-17086 CBL-Mariner Releases 1.2 2026-02-18T02:41:47 <p>Information published.</p> 1.0 2024-08-15T00:00:00 <p>Information published.</p> 1.1 2024-08-18T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21127 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 Moderate 17218-16823 Moderate 17607-17084 Moderate 19690-17084 Moderate 17235-17086 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 CBL-Mariner Releases 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 CBL-Mariner Releases 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:32:51 <p>Information published.</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21130 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 Moderate 17218-16823 Moderate 17607-17084 Moderate 19690-17084 19677-17086 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:23:37 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21135 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:28:03 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21159 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:28:42 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21160 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:29:22 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21163 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17218-16823 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17607-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19677-17086 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 19690-17084 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:22:55 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21166 Improper Authorization 17218-16823 17607-17084 17235-17086 19677-17086 19690-17084 17218-16823 17607-17084 17235-17086 19677-17086 19690-17084 Moderate 17218-16823 Moderate 17607-17084 Moderate 17235-17086 19677-17086 Moderate 19690-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 17218-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 17607-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 17235-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 19677-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 19690-17084 CBL-Mariner Releases 17218-16823 17607-17084 17235-17086 19677-17086 19690-17084 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 17235-17086 19677-17086 19690-17084 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:34:01 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21173 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:29:59 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> xfs: fix log recovery buffer allocation for the legacy h_size fixup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39472 Allocation of Resources Without Limits or Throttling 17207-16823 17651-17084 17095-17086 19529-17084 19673-17086 17207-16823 17651-17084 17095-17086 19529-17084 19673-17086 Moderate 17207-16823 Moderate 17651-17084 Moderate 17095-17086 Moderate 19529-17084 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17207-16823 17095-17086 19673-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 19529-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 19529-17084 CBL-Mariner Releases 1.2 2024-10-15T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added kernel to Azure Linux 3.0 Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-18T01:25:52 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39474 Allocation of Resources Without Limits or Throttling 17233-16823 17671-17084 17095-17086 19673-17086 16839-17084 17233-16823 17671-17084 17095-17086 19673-17086 16839-17084 Moderate 17233-16823 Moderate 17671-17084 Moderate 17095-17086 19673-17086 Moderate 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 CBL-Mariner Releases 17233-16823 17095-17086 19673-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 3.0 2026-02-18T01:27:59 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39476 Improper Locking 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 Moderate 17233-16823 Moderate 17671-17084 19702-17086 Moderate 16839-17084 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:33:55 <p>Information published.</p> kdb: Fix buffer overflow during tab-complete <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39480 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 Important 17233-16823 Important 17671-17084 19702-17086 Important 16839-17084 Important 17292-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19702-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:36:06 <p>Information published.</p> KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39483 17233-16823 17671-17084 17095-17086 19673-17086 16839-17084 17233-16823 17671-17084 17095-17086 19673-17086 16839-17084 Moderate 17233-16823 Moderate 17671-17084 Moderate 17095-17086 19673-17086 Moderate 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 CBL-Mariner Releases 17233-16823 17095-17086 19673-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 2.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:31:12 <p>Information published.</p> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39487 Out-of-bounds Read 17250-16823 17651-17084 17671-17084 19731-17086 17233-17086 17250-16823 17651-17084 17671-17084 19731-17086 17233-17086 Important 17250-16823 Important 17651-17084 Important 17671-17084 19731-17086 Important 17233-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17671-17084 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19731-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 2.0 2026-02-18T14:51:06 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39493 Missing Release of Memory after Effective Lifetime 17233-16823 17292-17086 19702-17086 17233-16823 17292-17086 19702-17086 Moderate 17233-16823 Moderate 17292-17086 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 CBL-Mariner Releases 17233-16823 17292-17086 19702-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17292-17086 19702-17086 CBL-Mariner Releases 1.0 2024-08-08T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:02:39 <p>Information published.</p> greybus: Fix use-after-free bug in gb_interface_release due to race condition. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39495 Use After Free 17233-16823 17675-17084 19702-17086 16839-17084 17292-17086 17233-16823 17675-17084 19702-17086 16839-17084 17292-17086 Important 17233-16823 Important 17675-17084 19702-17086 Important 16839-17084 Important 17292-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19702-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17675-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17675-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T02:42:45 <p>Information published.</p> Apache HTTP Server: source code disclosure with handlers configured via AddType <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-39884 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 Moderate 17283-16823 Moderate 17684-17084 19781-17084 19775-17086 17357-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17283-16823 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17684-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19781-17084 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 19775-17086 6.2 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 17357-17086 CBL-Mariner Releases 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 No Security Update 2.4.61-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 CBL-Mariner Releases 1.4 2024-12-03T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 2.0 2026-02-18T01:15:49 <p>Information published.</p> 1.0 2024-07-19T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-11-21T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> Denial of service in REXML <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-39908 Uncontrolled Resource Consumption 17596-17084 17669-17084 19724-17086 19723-17086 17737-17084 17670-17084 17596-17084 17669-17084 19724-17086 19723-17086 17737-17084 17670-17084 Moderate 17596-17084 Moderate 17669-17084 Moderate 19724-17086 Moderate 19723-17086 Moderate 17737-17084 Moderate 17670-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 17596-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 17669-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 19724-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 19723-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 17737-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 17670-17084 CBL-Mariner Releases 17596-17084 17670-17084 No Security Update 3.3.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17596-17084 17670-17084 CBL-Mariner Releases CBL-Mariner Releases 17669-17084 17737-17084 No Security Update 3.3.4-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17669-17084 17737-17084 CBL-Mariner Releases CBL-Mariner Releases 19724-17086 No Security Update 3.2.7-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19724-17086 CBL-Mariner Releases CBL-Mariner Releases 19723-17086 No Security Update 3.1.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19723-17086 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.1 2024-12-19T00:00:00 <p>Added ruby to Azure Linux 3.0 Added rubygem-rexml to Azure Linux 3.0</p> 1.2 2025-03-04T00:00:00 <p>Added rubygem-rexml to CBL-Mariner 2.0 Added ruby to Azure Linux 3.0 Added rubygem-rexml to Azure Linux 3.0</p> 2.0 2025-07-11T00:00:00 <p>Added ruby to CBL-Mariner 2.0 Added rubygem-rexml to CBL-Mariner 2.0 Added ruby to Azure Linux 3.0 Added rubygem-rexml to Azure Linux 3.0</p> 2.1 2026-02-18T01:55:05 <p>Information published.</p> Assertion failure when serving both stale cache data and authoritative zone content <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-4076 Reachable Assertion 17676-17084 19739-17086 18169-17084 17676-17084 19739-17086 18169-17084 Important 17676-17084 Important 19739-17086 Important 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19739-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 CBL-Mariner Releases 17676-17084 18169-17084 No Security Update 9.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17676-17084 18169-17084 CBL-Mariner Releases CBL-Mariner Releases 19739-17086 No Security Update 9.16.50-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19739-17086 CBL-Mariner Releases 1.2 2026-02-18T02:36:45 <p>Information published.</p> 1.0 2024-08-15T00:00:00 <p>Information published.</p> 1.1 2024-08-18T00:00:00 <p>Information published.</p> jfs: xattr: fix buffer overflow for invalid xattr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40902 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17233-16823 17675-17084 19702-17086 16839-17084 17292-17086 17233-16823 17675-17084 19702-17086 16839-17084 17292-17086 Important 17233-16823 Important 17675-17084 19702-17086 Important 16839-17084 Important 17292-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17233-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17675-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19702-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17675-17084 No Security Update 6.6.35.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17675-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 3.0 2026-02-18T02:44:20 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40952 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:55:57 <p>Information published.</p> ipv6: prevent possible NULL deref in fib6_nh_init() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40961 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:55:02 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40995 Loop with Unreachable Exit Condition ('Infinite Loop') 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:53:46 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> bpf: Avoid splat in pskb_pull_reason <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40996 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:49:37 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> cpufreq: amd-pstate: fix memory leak on CPU EPP exit <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40997 Missing Release of Memory after Effective Lifetime 17651-17084 17671-17084 17087-17086 21093-17086 20925-17086 17651-17084 17671-17084 17087-17086 21093-17086 20925-17086 Moderate 17651-17084 Moderate 17671-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:50:18 <p>Information published.</p> 3.0 2026-03-31T14:50:30 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 2.0 2026-03-03T14:41:14 <p>Information published.</p> crypto: hisilicon/sec - Fix memory leak for sec resource release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41002 Missing Release of Memory after Effective Lifetime 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:56:28 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> netrom: Fix a memory leak in nr_heartbeat_expiry() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41006 Missing Release of Memory after Effective Lifetime 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:56:56 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> tcp: avoid too many retransmit packets <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41007 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 Low 17250-16823 Low 17661-17084 19731-17086 Low 17671-17084 Low 17233-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17250-16823 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17661-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19731-17086 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17671-17084 3.3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:46:25 <p>Information published.</p> bpf: Fix too early release of tcx_entry <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41010 Use After Free 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:47:02 <p>Information published.</p> ASoC: SOF: Intel: hda: fix null deref on system suspend entry <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41037 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:18:17 <p>Information published.</p> net: ethernet: lantiq_etop: fix double free in detach <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41046 Double Free 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:13:06 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> scsi: ufs: core: Fix ufshcd_abort_one racing issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41053 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:55:29 <p>Information published.</p> mm: prevent derefencing NULL ptr in pfn_section_valid() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41055 NULL Pointer Dereference 17250-16823 17651-17084 17671-17084 17233-17086 19731-17086 17250-16823 17651-17084 17671-17084 17233-17086 19731-17086 Moderate 17250-16823 Moderate 17651-17084 Moderate 17671-17084 Moderate 17233-17086 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 CBL-Mariner Releases 17250-16823 17233-17086 19731-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 17233-17086 19731-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 2.0 2026-02-18T15:07:44 <p>Information published.</p> cachefiles: fix slab-use-after-free in fscache_withdraw_volume() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41058 Use After Free 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T14:52:04 <p>Information published.</p> powerpc/eeh: avoid possible crash when edev->pdev changes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41064 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:12:57 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41070 Use After Free 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 Important 17250-16823 Important 17651-17084 19731-17086 Important 17671-17084 Important 17233-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19731-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 2.0 2026-02-18T15:07:22 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> cxl/region: Avoid null pointer dereference in region lookup <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41084 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:01 <p>Information published.</p> ata: libata-core: Fix double free on error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41087 Double Free 17661-17084 17671-17084 17661-17084 17671-17084 Important 17661-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:13:28 <p>Information published.</p> drm/i915/gt: Fix potential UAF by revoke of fence registers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41092 Use After Free 17661-17084 17671-17084 17661-17084 17671-17084 Important 17661-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:18:26 <p>Information published.</p> drm/fbdev-dma: Only set smem_start is enable per module option <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41094 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:10:48 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> PCI/MSI: Fix UAF in msi_capability_init <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41096 Use After Free 17661-17084 17671-17084 17661-17084 17671-17084 Important 17661-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:18:45 <p>Information published.</p> ata: libata-core: Fix null pointer dereference on error <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41098 NULL Pointer Dereference 17207-16823 17661-17084 19682-17086 17671-17084 18490-17086 17207-16823 17661-17084 19682-17086 17671-17084 18490-17086 Moderate 17207-16823 Moderate 17661-17084 19682-17086 Moderate 17671-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17207-16823 19682-17086 18490-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-19T01:17:47 <p>Information published.</p> In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-41184 Integer Overflow or Wraparound 17685-17084 20058-17086 17685-17084 20058-17086 Critical 17685-17084 Critical 20058-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17685-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 20058-17086 CBL-Mariner Releases 17685-17084 20058-17086 No Security Update 2.3.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17685-17084 20058-17086 CBL-Mariner Releases 1.1 2024-10-15T00:00:00 <p>Added keepalived to Azure Linux 3.0 Added keepalived to CBL-Mariner 2.0</p> 1.2 2026-02-18T01:52:04 <p>Information published.</p> 1.0 2024-09-19T00:00:00 <p>Information published.</p> HTML injection in HTTP redirect body <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41810 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 17270-16823 17672-17084 18264-17084 20027-17086 17270-16823 17672-17084 18264-17084 20027-17086 Moderate 17270-16823 Moderate 17672-17084 Moderate 18264-17084 Moderate 20027-17086 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17270-16823 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 17672-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 18264-17084 6.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 20027-17086 CBL-Mariner Releases 17270-16823 17672-17084 18264-17084 20027-17086 No Security Update 22.10.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17270-16823 17672-17084 18264-17084 20027-17086 CBL-Mariner Releases 3.2 2026-02-18T02:51:13 <p>Information published.</p> 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-19T00:00:00 <p>Information published.</p> 1.2 2024-08-20T00:00:00 <p>Information published.</p> 1.3 2024-08-21T00:00:00 <p>Information published.</p> 1.4 2024-08-22T00:00:00 <p>Information published.</p> 1.5 2024-08-23T00:00:00 <p>Information published.</p> 1.6 2024-08-24T00:00:00 <p>Information published.</p> 1.7 2024-08-25T00:00:00 <p>Information published.</p> 1.8 2024-08-26T00:00:00 <p>Information published.</p> 1.9 2024-08-27T00:00:00 <p>Information published.</p> 2.0 2024-08-28T00:00:00 <p>Information published.</p> 2.1 2024-08-29T00:00:00 <p>Information published.</p> 2.2 2024-08-30T00:00:00 <p>Information published.</p> 2.3 2024-08-31T00:00:00 <p>Information published.</p> 2.4 2024-09-01T00:00:00 <p>Information published.</p> 2.5 2024-09-02T00:00:00 <p>Information published.</p> 2.6 2024-09-03T00:00:00 <p>Information published.</p> 2.7 2024-09-05T00:00:00 <p>Information published.</p> 2.8 2024-09-06T00:00:00 <p>Information published.</p> 2.9 2024-09-07T00:00:00 <p>Information published.</p> 3.0 2024-09-08T00:00:00 <p>Information published.</p> 3.1 2024-09-11T00:00:00 <p>Information published.</p> bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42067 Unchecked Return Value 17661-17084 17087-17086 17671-17084 20925-17086 21093-17086 17661-17084 17087-17086 17671-17084 20925-17086 21093-17086 Moderate 17661-17084 Moderate 17087-17086 Moderate 17671-17084 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 3.0 2026-03-31T14:48:10 <p>Information published.</p> 1.1 2026-02-19T01:01:33 <p>Information published.</p> 2.0 2026-03-03T14:39:48 <p>Information published.</p> net: mana: Fix possible double free in error handling path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42069 NULL Pointer Dereference 17661-17084 17671-17084 20925-17086 17087-17086 21093-17086 17661-17084 17671-17084 20925-17086 17087-17086 21093-17086 Moderate 17661-17084 Moderate 17671-17084 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:56:21 <p>Information published.</p> 3.0 2026-03-31T14:45:41 <p>Information published.</p> 2.0 2026-03-03T14:38:22 <p>Information published.</p> ionic: use dev_consume_skb_any outside of napi <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42071 Excessive Iteration 17233-16823 17661-17084 19673-17086 19529-17084 17095-17086 17233-16823 17661-17084 19673-17086 19529-17084 17095-17086 Moderate 17233-16823 Moderate 17661-17084 19673-17086 Moderate 19529-17084 Moderate 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17233-16823 19673-17086 17095-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 19529-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-18T02:59:09 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42073 Use After Free 17233-16823 17661-17084 19673-17086 17095-17086 17671-17084 17233-16823 17661-17084 19673-17086 17095-17086 17671-17084 Moderate 17233-16823 Moderate 17661-17084 19673-17086 Moderate 17095-17086 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17233-16823 19673-17086 17095-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:02:58 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> ocfs2: fix DIO failure due to insufficient transaction credits <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42077 17233-16823 17661-17084 19702-17086 17671-17084 17292-17086 17233-16823 17661-17084 19702-17086 17671-17084 17292-17086 Moderate 17233-16823 Moderate 17661-17084 19702-17086 Moderate 17671-17084 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:53:37 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> RDMA/restrack: Fix potential invalid address access <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42080 Out-of-bounds Write 17233-16823 17661-17084 17292-17086 19702-17086 17671-17084 17233-16823 17661-17084 17292-17086 19702-17086 17671-17084 Moderate 17233-16823 Moderate 17661-17084 Moderate 17292-17086 19702-17086 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17233-16823 17292-17086 19702-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17292-17086 19702-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:52:47 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> xdp: Remove WARN() from __xdp_reg_mem_model() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42082 Allocation of Resources Without Limits or Throttling 17233-16823 17661-17084 19702-17086 17292-17086 17671-17084 17233-16823 17661-17084 19702-17086 17292-17086 17671-17084 Moderate 17233-16823 Moderate 17661-17084 19702-17086 Moderate 17292-17086 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:58:25 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42090 Improper Locking 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:13:27 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42114 Improper Locking 17207-16823 17250-17086 19670-17086 17207-16823 17250-17086 19670-17086 Moderate 17207-16823 Moderate 17250-17086 19670-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17250-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19670-17086 CBL-Mariner Releases 17207-16823 17250-17086 19670-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 17250-17086 19670-17086 CBL-Mariner Releases 2.0 2026-02-18T15:15:57 <p>Information published.</p> 1.0 2024-10-12T00:00:00 <p>Information published.</p> riscv: kexec: Avoid deadlock in kexec crash path <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42140 Improper Locking 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:11:48 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> tcp_metrics: validate source addr length <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42154 Improper Check for Unusual or Exceptional Conditions 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17671-17084 19731-17086 Moderate 17233-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 17671-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 19731-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 1.2 2024-10-01T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:16:57 <p>Information published.</p> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42161 Use of Uninitialized Resource 17263-16823 17661-17084 17671-17084 17233-17086 19731-17086 17263-16823 17661-17084 17671-17084 17233-17086 19731-17086 Moderate 17263-16823 Moderate 17661-17084 Moderate 17671-17084 Moderate 17233-17086 19731-17086 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 17263-16823 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 17661-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 17671-17084 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 17233-17086 6.3 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 19731-17086 CBL-Mariner Releases 17263-16823 No Security Update 5.15.163.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17263-16823 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 17233-17086 19731-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-17086 19731-17086 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:10:37 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 1.2 2024-09-25T00:00:00 <p>Information published.</p> media: dvb-frontends: tda10048: Fix integer overflow <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42223 Integer Overflow or Wraparound 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 Moderate 17250-16823 Moderate 17661-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:09:26 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42228 Use of Uninitialized Resource 17207-16823 17661-17084 19673-17086 17671-17084 17095-17086 17207-16823 17661-17084 19673-17086 17671-17084 17095-17086 Important 17207-16823 Important 17661-17084 19673-17086 Important 17671-17084 Important 17095-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17661-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 CBL-Mariner Releases 17207-16823 19673-17086 17095-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.2 2024-11-01T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-18T02:54:25 <p>Information published.</p> 1.1 2024-10-12T00:00:00 <p>Information published.</p> Remote Code Execution in pypa/setuptools <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntr_ai Yes CVE-2024-6345 Improper Control of Generation of Code ('Code Injection') 17092-16823 17689-17084 17690-17084 17667-17084 17171-17086 19458-17084 17604-17084 18469-17084 19849-17086 19681-17086 17092-16823 17689-17084 17690-17084 17667-17084 17171-17086 19458-17084 17604-17084 18469-17084 19849-17086 19681-17086 Important 17092-16823 Important 17689-17084 Important 17690-17084 Important 17667-17084 Important 17171-17086 Important 19458-17084 Important 17604-17084 Important 18469-17084 19849-17086 Important 19681-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17092-16823 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17689-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17690-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17667-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17171-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19458-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 17604-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19849-17086 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 19681-17086 CBL-Mariner Releases 17092-16823 19681-17086 No Security Update 3.9.19-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17092-16823 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17689-17084 19458-17084 No Security Update 69.0.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17689-17084 19458-17084 CBL-Mariner Releases CBL-Mariner Releases 17690-17084 No Security Update 24.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17690-17084 CBL-Mariner Releases 1.0 2024-10-15T00:00:00 <p>Information published.</p> 1.1 2025-04-12T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python-setuptools to Azure Linux 3.0</p> 2.0 2026-02-18T01:40:06 <p>Information published.</p> ASN.1 date parser overread <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-7264 Out-of-bounds Read 17269-16823 17578-17084 19671-17084 19668-17086 19690-17084 17579-17084 17183-17086 17235-17086 19721-17086 19799-17086 17464-17084 19677-17086 17667-17084 19686-17084 17269-16823 17578-17084 19671-17084 19668-17086 19690-17084 17579-17084 17183-17086 17235-17086 19721-17086 19799-17086 17464-17084 19677-17086 17667-17084 19686-17084 Moderate 17269-16823 Moderate 17578-17084 Moderate 19671-17084 Moderate 19668-17086 Moderate 19690-17084 Moderate 17579-17084 Moderate 17183-17086 Moderate 17235-17086 19721-17086 Moderate 19799-17086 Moderate 17464-17084 19677-17086 Moderate 17667-17084 Moderate 19686-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17269-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17578-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19671-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19668-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19690-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17579-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17183-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17235-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19721-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19799-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17464-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 19677-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 17667-17084 6.3 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 19686-17084 CBL-Mariner Releases 17269-16823 No Security Update 1.68.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17269-16823 CBL-Mariner Releases CBL-Mariner Releases 17578-17084 17464-17084 No Security Update 3.30.3-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17578-17084 17464-17084 CBL-Mariner Releases CBL-Mariner Releases 19690-17084 17235-17086 19677-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19690-17084 17235-17086 19677-17086 CBL-Mariner Releases CBL-Mariner Releases 17579-17084 No Security Update 8.11.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17579-17084 CBL-Mariner Releases 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.4 2025-02-01T00:00:00 <p>Added cmake to Azure Linux 3.0 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.5 2025-03-13T00:00:00 <p>Added curl to Azure Linux 3.0 Added cmake to Azure Linux 3.0 Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-19T01:04:00 <p>Information published.</p> io_uring: fix possible deadlock in io_register_iowq_max_workers() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41080 Improper Locking 17110-16823 17501-17084 19682-17086 19529-17084 18490-17086 17110-16823 17501-17084 19682-17086 19529-17084 18490-17086 Moderate 17110-16823 Moderate 17501-17084 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 19529-17084 CBL-Mariner Releases 1.0 2025-09-03T20:09:58 <p>Information published.</p> 2.0 2026-02-18T15:06:33 <p>Information published.</p> ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48841 NULL Pointer Dereference 17233-16823 19682-17086 18490-17086 17233-16823 19682-17086 18490-17086 Moderate 17233-16823 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17233-16823 19682-17086 18490-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19682-17086 18490-17086 CBL-Mariner Releases 2.0 2026-02-18T01:42:52 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> Exiv2 has an out-of-bounds read in AsfVideo::streamProperties <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-39695 Out-of-bounds Read 17692-17084 17692-17084 Moderate 17692-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17692-17084 CBL-Mariner Releases 17692-17084 No Security Update 0.28.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17692-17084 CBL-Mariner Releases 1.0 2025-03-14T00:00:00 <p>Information published.</p> Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner jpcert Yes CVE-2024-40897 Out-of-bounds Write 17673-17084 17673-17084 Important 17673-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 17673-17084 CBL-Mariner Releases 17673-17084 No Security Update 0.4.39-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17673-17084 CBL-Mariner Releases 1.0 2025-02-11T00:00:00 <p>Information published.</p> ice: Don't process extts if PTP is disabled <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42107 Time-of-check Time-of-use (TOCTOU) Race Condition 19683-17084 17087-17086 20412-17084 20555-17084 20553-17084 20613-17084 20725-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 17087-17086 20412-17084 20555-17084 20553-17084 20613-17084 20725-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 19683-17084 17087-17086 20412-17084 20555-17084 20553-17084 20613-17084 20725-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 20788-17084 20823-17084 20860-17084 21308-17084 21332-17084 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20555-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:14:36 <p>Information published.</p> 2.0 2025-12-07T01:35:22 <p>Information published.</p> 6.0 2026-03-03T14:49:33 <p>Information published.</p> 7.0 2026-03-04T14:46:21 <p>Information published.</p> 8.0 2026-03-31T15:08:05 <p>Information published.</p> 11.0 2026-05-11T01:50:24 <p>Information published.</p> 3.0 2026-01-08T14:49:43 <p>Information published.</p> 4.0 2026-01-20T14:49:53 <p>Information published.</p> 5.0 2026-02-19T01:44:46 <p>Information published.</p> 9.0 2026-04-29T14:57:23 <p>Information published.</p> 10.0 2026-05-06T14:51:48 <p>Information published.</p> 12.0 2026-05-17T14:51:12 <p>Information published.</p> drm/amd/display: Skip pipe if the pipe idx not set properly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42064 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 21094-17084 21248-17084 17087-17086 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21093-17086 21094-17084 21248-17084 17087-17086 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:21:59 <p>Information published.</p> 2.0 2025-12-07T01:36:57 <p>Information published.</p> 4.0 2026-01-20T14:35:56 <p>Information published.</p> 5.0 2026-02-18T02:55:43 <p>Information published.</p> 6.0 2026-03-03T14:38:06 <p>Information published.</p> 8.0 2026-03-31T14:45:16 <p>Information published.</p> 9.0 2026-04-29T14:39:31 <p>Information published.</p> 10.0 2026-05-06T14:38:06 <p>Information published.</p> 11.0 2026-05-11T01:38:37 <p>Information published.</p> 3.0 2026-01-08T14:36:20 <p>Information published.</p> 7.0 2026-03-04T14:36:25 <p>Information published.</p> 12.0 2026-05-17T14:39:10 <p>Information published.</p> The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6614 Loop with Unreachable Exit Condition (&#39;Infinite Loop&#39;) 18469-17084 18469-17084 18469-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 18469-17084 1.0 2025-09-03T21:29:10 <p>Information published.</p> drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42065 NULL Pointer Dereference 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 21248-17084 17087-17086 20412-17084 20788-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20925-17086 20956-17084 21093-17086 21248-17084 17087-17086 20412-17084 20788-17084 21094-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20788-17084 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:38:15 <p>Information published.</p> 2.0 2025-12-07T01:37:40 <p>Information published.</p> 4.0 2026-01-20T14:36:38 <p>Information published.</p> 5.0 2026-02-18T02:59:41 <p>Information published.</p> 6.0 2026-03-03T14:38:40 <p>Information published.</p> 7.0 2026-03-04T14:37:00 <p>Information published.</p> 8.0 2026-03-31T14:46:15 <p>Information published.</p> 9.0 2026-04-29T14:40:23 <p>Information published.</p> 10.0 2026-05-06T14:38:41 <p>Information published.</p> 11.0 2026-05-11T01:39:14 <p>Information published.</p> 3.0 2026-01-08T14:37:01 <p>Information published.</p> 12.0 2026-05-17T14:39:52 <p>Information published.</p> Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HeroDevs Yes CVE-2024-6531 20091-17086 20372-17086 20777-17086 19604-17084 19720-17086 20373-17086 20091-17086 20372-17086 20777-17086 19604-17084 19720-17086 20373-17086 20091-17086 Moderate 20372-17086 Moderate 20777-17086 Moderate 19604-17084 19720-17086 Moderate 20373-17086 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 20091-17086 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 20372-17086 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 20777-17086 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 19604-17084 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 19720-17086 6.4 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L 20373-17086 2.0 2026-01-03T01:35:52 <p>Information published.</p> 1.0 2025-09-03T21:41:07 <p>Information published.</p> 1.1 2025-12-18T14:35:13 <p>Information published.</p> A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6601 Time-of-check Time-of-use (TOCTOU) Race Condition 18469-17084 18469-17084 18469-17084 4.7 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 18469-17084 1.0 2025-09-03T21:39:51 <p>Information published.</p> drm/xe: Fix potential integer overflow in page size calculation <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42066 Integer Overflow or Wraparound 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 21248-17084 21308-17084 17087-17086 19683-17084 20553-17084 20925-17086 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20860-17084 20956-17084 21093-17086 21094-17084 21248-17084 21308-17084 17087-17086 19683-17084 20553-17084 20925-17086 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21093-17086 Moderate 21094-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 17087-17086 19683-17084 Moderate 20553-17084 Moderate 20925-17086 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:47:12 <p>Information published.</p> 2.0 2025-12-07T01:37:20 <p>Information published.</p> 3.0 2026-01-08T14:36:40 <p>Information published.</p> 4.0 2026-01-20T14:36:17 <p>Information published.</p> 5.0 2026-02-18T03:02:17 <p>Information published.</p> 6.0 2026-03-03T14:39:15 <p>Information published.</p> 8.0 2026-03-31T14:47:15 <p>Information published.</p> 9.0 2026-04-29T14:39:58 <p>Information published.</p> 7.0 2026-03-04T14:36:43 <p>Information published.</p> 10.0 2026-05-06T14:38:23 <p>Information published.</p> 11.0 2026-05-11T01:38:55 <p>Information published.</p> 12.0 2026-05-17T14:39:31 <p>Information published.</p> bpf: Defer work in bpf_timer_cancel_and_free <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41045 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 19683-17084 17087-17086 20860-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 20412-17084 20553-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 19683-17084 17087-17086 20860-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 19683-17084 Moderate 17087-17086 Moderate 20860-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21094-17084 6.4 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 19683-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:46:18 <p>Information published.</p> 7.0 2026-03-04T14:40:16 <p>Information published.</p> 8.0 2026-03-31T14:56:23 <p>Information published.</p> 1.0 2025-09-03T21:57:25 <p>Information published.</p> 3.0 2026-01-08T14:45:32 <p>Information published.</p> 4.0 2026-01-20T14:40:55 <p>Information published.</p> 5.0 2026-02-19T01:43:48 <p>Information published.</p> 6.0 2026-03-03T14:51:12 <p>Information published.</p> 9.0 2026-04-30T01:42:30 <p>Information published.</p> 10.0 2026-05-06T14:42:02 <p>Information published.</p> 11.0 2026-05-11T01:41:00 <p>Information published.</p> 12.0 2026-05-17T14:42:09 <p>Information published.</p> bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42151 NULL Pointer Dereference 17087-17086 20412-17084 20788-17084 20823-17084 20925-17086 21093-17086 21248-17084 19683-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 17087-17086 20412-17084 20788-17084 20823-17084 20925-17086 21093-17086 21248-17084 19683-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21308-17084 21332-17084 21344-17084 Moderate 17087-17086 Moderate 20412-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 21248-17084 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:49:56 <p>Information published.</p> 3.0 2026-01-08T14:47:57 <p>Information published.</p> 4.0 2026-01-20T14:48:01 <p>Information published.</p> 5.0 2026-02-18T14:11:33 <p>Information published.</p> 6.0 2026-03-03T14:38:15 <p>Information published.</p> 7.0 2026-03-04T14:44:59 <p>Information published.</p> 8.0 2026-03-31T14:50:00 <p>Information published.</p> 9.0 2026-04-29T14:54:46 <p>Information published.</p> 11.0 2026-05-11T01:48:38 <p>Information published.</p> 1.0 2025-09-03T22:03:13 <p>Information published.</p> 10.0 2026-05-06T14:49:52 <p>Information published.</p> 12.0 2026-05-17T14:49:26 <p>Information published.</p> drm/amdgpu: change vm->task_info handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41008 19683-17084 20553-17084 20613-17084 20725-17084 20788-17084 21094-17084 21093-17086 21248-17084 20412-17084 17087-17086 20823-17084 20860-17084 20925-17086 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20553-17084 20613-17084 20725-17084 20788-17084 21094-17084 21093-17086 21248-17084 20412-17084 17087-17086 20823-17084 20860-17084 20925-17086 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20823-17084 Moderate 20860-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20553-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20613-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20725-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20788-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21094-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21093-17086 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21248-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 17087-17086 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20823-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20860-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20925-17086 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 20956-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21308-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21332-17084 5.6 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H/E:U 21344-17084 2.0 2025-12-07T01:41:01 <p>Information published.</p> 4.0 2026-01-20T14:50:43 <p>Information published.</p> 5.0 2026-02-19T01:52:40 <p>Information published.</p> 6.0 2026-03-03T14:59:14 <p>Information published.</p> 7.0 2026-03-04T14:45:21 <p>Information published.</p> 8.0 2026-03-31T15:18:45 <p>Information published.</p> 9.0 2026-04-29T14:56:13 <p>Information published.</p> 1.0 2025-09-03T22:10:57 <p>Information published.</p> 3.0 2026-01-08T14:38:02 <p>Information published.</p> 10.0 2026-05-06T14:49:58 <p>Information published.</p> 11.0 2026-05-11T01:48:25 <p>Information published.</p> 12.0 2026-05-17T14:49:24 <p>Information published.</p> wifi: mt76: mt7921s: fix potential hung tasks during chip recovery <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40977 Improper Locking 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-03T22:11:37 <p>Information published.</p> 2.0 2026-03-03T14:50:16 <p>Information published.</p> 3.0 2026-03-31T15:05:23 <p>Information published.</p> Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6604 Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) 18469-17084 18469-17084 18469-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T22:18:21 <p>Information published.</p> media: mtk-vcodec: potential null pointer deference in SCP <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40973 NULL Pointer Dereference 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 2.0 2026-03-03T14:50:50 <p>Information published.</p> 1.0 2025-09-03T22:20:26 <p>Information published.</p> 3.0 2026-03-31T15:06:05 <p>Information published.</p> wifi: ath12k: fix kernel crash during resume <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40979 Missing Release of Memory after Effective Lifetime 19529-17084 19529-17084 Moderate 19529-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 1.0 2025-09-03T22:21:56 <p>Information published.</p> 1.1 2026-02-18T01:09:29 <p>Information published.</p> vhost_task: Handle SIGKILL by flushing work and exiting <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42135 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 1.0 2025-09-03T22:23:09 <p>Information published.</p> 3.0 2026-03-31T14:51:25 <p>Information published.</p> 2.0 2026-03-03T14:39:05 <p>Information published.</p> f2fs: don't set RO when shutting down f2fs <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40969 Improper Locking 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 3.0 2026-03-31T15:06:28 <p>Information published.</p> 1.0 2025-09-03T22:22:53 <p>Information published.</p> 2.0 2026-03-03T14:51:06 <p>Information published.</p> Unintentional exposure of environment variables to subprocesses in sentry-sdk <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-40647 Exposure of Sensitive Information to an Unauthorized Actor 18469-17084 18469-17084 Moderate 18469-17084 5.3 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 18469-17084 1.0 2025-09-03T22:23:12 <p>Information published.</p> 1.1 2026-02-18T02:15:09 <p>Information published.</p> nvme-fabrics: use reserved tag for reg read/write command <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41082 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 17087-17086 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21248-17084 17087-17086 20553-17084 20860-17084 20956-17084 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 2.0 2025-12-07T01:47:24 <p>Information published.</p> 3.0 2026-01-08T14:46:23 <p>Information published.</p> 4.0 2026-01-20T14:41:58 <p>Information published.</p> 5.0 2026-02-19T01:44:48 <p>Information published.</p> 6.0 2026-03-03T15:02:05 <p>Information published.</p> 7.0 2026-03-04T14:40:58 <p>Information published.</p> 8.0 2026-03-31T14:59:19 <p>Information published.</p> 9.0 2026-04-29T14:48:16 <p>Information published.</p> 11.0 2026-05-11T01:41:43 <p>Information published.</p> 1.0 2025-09-03T22:24:01 <p>Information published.</p> 10.0 2026-05-06T14:42:49 <p>Information published.</p> 12.0 2026-05-17T14:42:55 <p>Information published.</p> Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6615 Out-of-bounds Write 18469-17084 18469-17084 18469-17084 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 18469-17084 1.0 2025-09-03T22:26:00 <p>Information published.</p> virtio-pci: Check if is_avq is NULL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42134 NULL Pointer Dereference 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20412-17084 20553-17084 20860-17084 21308-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20412-17084 20553-17084 20860-17084 21308-17084 21344-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 17087-17086 20412-17084 20553-17084 20860-17084 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:33:07 <p>Information published.</p> 2.0 2025-12-07T01:50:15 <p>Information published.</p> 3.0 2026-01-08T14:48:12 <p>Information published.</p> 4.0 2026-01-20T14:48:22 <p>Information published.</p> 6.0 2026-03-03T14:39:57 <p>Information published.</p> 7.0 2026-03-04T14:45:13 <p>Information published.</p> 8.0 2026-03-31T14:52:38 <p>Information published.</p> 9.0 2026-04-29T14:55:12 <p>Information published.</p> 11.0 2026-05-11T01:48:56 <p>Information published.</p> 5.0 2026-02-18T14:17:00 <p>Information published.</p> 10.0 2026-05-06T14:50:35 <p>Information published.</p> 12.0 2026-05-17T14:49:43 <p>Information published.</p> ibmvnic: Add tx check to prevent skb leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41066 Missing Release of Memory after Effective Lifetime 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 3.0 2026-03-31T15:07:14 <p>Information published.</p> 1.0 2025-09-03T22:36:21 <p>Information published.</p> 2.0 2026-03-03T14:51:42 <p>Information published.</p> CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6612 Exposure of Sensitive Information to an Unauthorized Actor 18469-17084 18469-17084 Moderate 18469-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 18469-17084 1.0 2025-09-03T22:46:00 <p>Information published.</p> 1.1 2026-02-18T02:21:04 <p>Information published.</p> In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6603 Use of Out-of-range Pointer Offset 18469-17084 18469-17084 Moderate 18469-17084 7.4 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 18469-17084 1.0 2025-09-03T22:54:02 <p>Information published.</p> 1.1 2026-02-18T02:22:42 <p>Information published.</p> net: ena: Add validation for completion descriptors consistency <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40999 20613-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 17087-17086 20553-17084 20725-17084 20823-17084 20860-17084 21308-17084 21344-17084 20613-17084 20788-17084 20925-17086 20956-17084 21094-17084 21093-17086 21248-17084 21332-17084 19683-17084 20412-17084 17087-17086 20553-17084 20725-17084 20823-17084 20860-17084 21308-17084 21344-17084 Moderate 20613-17084 Moderate 20788-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21094-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21332-17084 19683-17084 Moderate 20412-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20725-17084 Moderate 20823-17084 Moderate 20860-17084 Moderate 21308-17084 Moderate 21344-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19683-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20823-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T22:58:28 <p>Information published.</p> 2.0 2025-12-07T01:49:02 <p>Information published.</p> 3.0 2026-01-08T14:47:28 <p>Information published.</p> 4.0 2026-01-20T14:43:25 <p>Information published.</p> 5.0 2026-02-19T01:45:56 <p>Information published.</p> 7.0 2026-03-04T14:41:39 <p>Information published.</p> 8.0 2026-03-31T15:02:52 <p>Information published.</p> 6.0 2026-03-03T14:58:57 <p>Information published.</p> 9.0 2026-04-29T14:49:18 <p>Information published.</p> 10.0 2026-05-06T14:43:55 <p>Information published.</p> 11.0 2026-05-11T01:42:46 <p>Information published.</p> 12.0 2026-05-17T14:43:58 <p>Information published.</p> drm/amd/display: Do not return negative stream id for array <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42118 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21093-17086 21248-17084 17087-17086 20788-17084 20823-17084 20925-17086 21308-17084 21332-17084 21344-17084 19683-17084 20412-17084 20553-17084 20613-17084 20725-17084 20860-17084 20956-17084 21094-17084 21093-17086 21248-17084 17087-17086 20788-17084 20823-17084 20925-17086 21308-17084 21332-17084 21344-17084 19683-17084 Moderate 20412-17084 Moderate 20553-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21094-17084 Important 21093-17086 Moderate 21248-17084 Important 17087-17086 Moderate 20788-17084 Moderate 20823-17084 Important 20925-17086 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 19683-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20412-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20553-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20613-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20725-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20860-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20956-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 21094-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 21093-17086 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 21248-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17087-17086 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20788-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 20823-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 20925-17086 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 21308-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 21332-17084 5.2 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H 21344-17084 1.0 2025-09-03T23:06:42 <p>Information published.</p> 2.0 2025-12-07T01:49:19 <p>Information published.</p> 3.0 2026-01-08T14:47:45 <p>Information published.</p> 4.0 2026-01-20T14:43:45 <p>Information published.</p> 5.0 2026-02-19T01:46:12 <p>Information published.</p> 6.0 2026-03-03T14:54:15 <p>Information published.</p> 8.0 2026-03-31T15:03:26 <p>Information published.</p> 9.0 2026-04-29T14:49:31 <p>Information published.</p> 7.0 2026-03-04T14:41:46 <p>Information published.</p> 10.0 2026-05-06T14:44:04 <p>Information published.</p> 11.0 2026-05-11T01:42:55 <p>Information published.</p> 12.0 2026-05-17T14:44:07 <p>Information published.</p> Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6610 18469-17084 18469-17084 Moderate 18469-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18469-17084 1.0 2025-09-03T23:12:15 <p>Information published.</p> 1.1 2026-02-18T02:27:50 <p>Information published.</p> crypto: starfive - Do not free stack buffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39478 Allocation of Resources Without Limits or Throttling 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20412-17084 20788-17084 21308-17084 21344-17084 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20412-17084 20788-17084 21308-17084 21344-17084 19683-17084 20553-17084 20613-17084 20725-17084 20823-17084 20860-17084 20956-17084 21094-17084 21248-17084 21332-17084 20412-17084 20788-17084 21308-17084 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T23:18:48 <p>Information published.</p> 2.0 2025-12-07T01:49:52 <p>Information published.</p> 3.0 2026-01-08T14:48:19 <p>Information published.</p> 4.0 2026-01-20T14:44:28 <p>Information published.</p> 5.0 2026-02-19T01:46:41 <p>Information published.</p> 6.0 2026-03-04T14:42:06 <p>Information published.</p> 8.0 2026-04-29T14:50:21 <p>Information published.</p> 10.0 2026-05-11T01:43:32 <p>Information published.</p> 7.0 2026-03-31T15:05:38 <p>Information published.</p> 9.0 2026-05-06T14:44:40 <p>Information published.</p> 11.0 2026-05-17T14:44:42 <p>Information published.</p> It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6608 18469-17084 18469-17084 Moderate 18469-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 18469-17084 1.0 2025-09-03T23:24:05 <p>Information published.</p> 1.1 2026-02-18T02:30:11 <p>Information published.</p> btrfs: scrub: handle RST lookup error correctly <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41067 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21332-17084 19683-17084 17087-17086 20553-17084 20860-17084 20956-17084 21248-17084 21308-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20823-17084 20925-17086 21094-17084 21093-17086 21332-17084 19683-17084 17087-17086 20553-17084 20860-17084 20956-17084 21248-17084 21308-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 21094-17084 Moderate 21093-17086 Moderate 21332-17084 19683-17084 Moderate 17087-17086 Moderate 20553-17084 Moderate 20860-17084 Moderate 20956-17084 Moderate 21248-17084 Moderate 21308-17084 Moderate 21344-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-04T00:39:06 <p>Information published.</p> 2.0 2025-12-07T01:37:14 <p>Information published.</p> 3.0 2026-01-08T14:50:33 <p>Information published.</p> 4.0 2026-01-20T14:47:15 <p>Information published.</p> 5.0 2026-02-19T01:48:52 <p>Information published.</p> 6.0 2026-03-03T15:01:30 <p>Information published.</p> 8.0 2026-03-31T15:13:03 <p>Information published.</p> 11.0 2026-05-11T01:45:45 <p>Information published.</p> 7.0 2026-03-04T14:43:30 <p>Information published.</p> 9.0 2026-04-30T01:46:36 <p>Information published.</p> 10.0 2026-05-06T14:47:22 <p>Information published.</p> 12.0 2026-05-17T14:46:49 <p>Information published.</p> ksmbd: discard write access to the directory open <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41030 NULL Pointer Dereference 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-09-27T01:02:35 <p>Information published.</p> ASoC: topology: Fix references to freed memory <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41069 Use After Free 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Important 17087-17086 Important 20925-17086 Important 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 1.0 2025-09-28T01:01:40 <p>Information published.</p> 2.0 2026-03-03T14:52:28 <p>Information published.</p> 3.0 2026-03-31T15:13:25 <p>Information published.</p> io_uring/io-wq: Use set_bit() and test_bit() at worker->flags <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39508 Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-05T01:01:52 <p>Information published.</p> 2.0 2026-03-03T14:56:48 <p>Information published.</p> 3.0 2026-03-31T15:18:10 <p>Information published.</p> SUNRPC: lock against ->sock changing during sysfs read <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48816 NULL Pointer Dereference 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 Moderate 20925-17086 Moderate 21093-17086 Moderate 17087-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-08T01:01:25 <p>Information published.</p> 2.0 2026-03-03T14:57:45 <p>Information published.</p> 3.0 2026-03-31T15:18:48 <p>Information published.</p> net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42110 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-10T14:35:18 <p>Information published.</p> media: mediatek: vcodec: Only free buffer VA that is not NULL <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2023-52888 Double Free 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-10T14:35:12 <p>Information published.</p> bluetooth/l2cap: sync sock recv cb and release <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41062 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-11T01:01:26 <p>Information published.</p> nvmet: always initialize cqe.result <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41079 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 21093-17086 1.0 2025-10-11T01:01:36 <p>Information published.</p> 2.0 2026-03-03T15:01:47 <p>Information published.</p> 3.0 2026-03-31T14:39:01 <p>Information published.</p> btrfs: skip reserved bytes warning on unmount after log cleanup failure Mariner Linux Yes CVE-2022-48833 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 1.0 2026-02-18T14:49:03 <p>Information published.</p> OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 Mariner OpenSSL Software Foundation Yes CVE-2023-0464 12139 12140 12137 12138 12356 12357 12139 12140 12137 12138 12356 12357 12139 12140 12137 12138 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12137 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12138 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 edk2 12139 edk2-ovmf-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-tools-20230301gitf80f052277c8-34.cm2.x86_64.rpm 0001-01-01T00:00:00 edk2-tools-doc-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-ovmf-ia32-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-ovmf-xen-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-ext4-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-tools-python-20230301gitf80f052277c8-34.cm2.noarch.rpm 0001-01-01T00:00:00 edk2-debuginfo-20230301gitf80f052277c8-34.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 20230301gitf80f052277c8-34 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12139 edk2 hvloader 12139 hvloader-1.0.1-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.0.1-3 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12139 hvloader nodejs18 12139 nodejs18-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.17.1-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.17.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12139 nodejs18 openssl 12139 openssl-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 openssl-libs-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 openssl-devel-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 openssl-static-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 openssl-perl-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 openssl-debuginfo-1.1.1k-22.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.1k-22 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12139 openssl edk2 12140 CBL-Mariner 20230301gitf80f052277c8-34 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12140 edk2 hvloader 12140 CBL-Mariner 1.0.1-3 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12140 hvloader nodejs18 12140 nodejs18-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.17.1-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.17.1-2 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12140 nodejs18 openssl 12140 openssl-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 openssl-libs-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 openssl-devel-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 openssl-static-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 openssl-perl-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 openssl-debuginfo-1.1.1k-22.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.1k-22 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12140 openssl openssl 12137 openssl-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 openssl-libs-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 openssl-devel-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 openssl-static-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 openssl-perl-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 openssl-debuginfo-1.1.1k-15.cm1.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.1k-15 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12137 openssl openssl 12138 openssl-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 openssl-libs-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 openssl-devel-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 openssl-static-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 openssl-perl-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 openssl-debuginfo-1.1.1k-15.cm1.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.1k-15 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12138 openssl edk2 12356 edk2-ovmf-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-tools-20240223gitedc6681206c1-1.azl3.x86_64.rpm 0001-01-01T00:00:00 edk2-tools-doc-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-ovmf-ia32-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-ovmf-xen-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-experimental-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-ext4-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 edk2-tools-python-20240223gitedc6681206c1-1.azl3.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 20230301gitf80f052277c8-37 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12356 edk2 edk2 12357 CBL-Mariner 20230301gitf80f052277c8-37 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 12357 edk2 Gus Catalano with Microsoft Ray Reskusich with Microsoft Philemon Orphee Favrod with Microsoft 1.0 2023-03-27T00:00:00 <p>Information published.</p> 1.1 2023-04-24T00:00:00 <p>Added nodejs18 to CBL-Mariner 2.0</p> 1.2 2023-10-11T00:00:00 <p>Added edk2 to CBL-Mariner 2.0</p> 1.3 2024-04-06T00:00:00 <p>Added hvloader to CBL-Mariner 2.0</p> 1.4 2024-06-30T07:00:00 <p>Information published.</p> 1.5 2024-07-12T00:00:00 <p>Information published.</p> SIG(0) can be used to exhaust CPU resources <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner isc Yes CVE-2024-1975 Allocation of Resources Without Limits or Throttling 17676-17084 19739-17086 19750-17086 18169-17084 17676-17084 19739-17086 19750-17086 18169-17084 Important 17676-17084 Important 19739-17086 Important 19750-17086 Important 18169-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17676-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19739-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19750-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18169-17084 CBL-Mariner Releases 17676-17084 18169-17084 No Security Update 9.20.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17676-17084 18169-17084 CBL-Mariner Releases CBL-Mariner Releases 19739-17086 No Security Update 9.16.50-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19739-17086 CBL-Mariner Releases CBL-Mariner Releases 19750-17086 No Security Update 4.4.3.P1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19750-17086 CBL-Mariner Releases 1.0 2024-08-15T00:00:00 <p>Information published.</p> 1.1 2024-08-18T00:00:00 <p>Information published.</p> 1.2 2026-02-18T02:38:02 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-20996 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:27:20 <p>Information published.</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21125 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 17235-17086 Moderate 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:31:44 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21129 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:26:41 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21134 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 17235-17086 Moderate 19690-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17218-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17607-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19677-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 17235-17086 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 19690-17084 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 CBL-Mariner Releases 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:30:38 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21142 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 Moderate 17218-16823 Moderate 17607-17084 Moderate 19690-17084 Moderate 17235-17086 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 CBL-Mariner Releases 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19690-17084 17235-17086 19677-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:32:20 <p>Information published.</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21157 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 19690-17084 Moderate 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 19690-17084 17235-17086 CBL-Mariner Releases 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:31:11 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21162 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 17235-17086 Moderate 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 CBL-Mariner Releases 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T14:33:26 <p>Information published.</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21165 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 Moderate 17218-16823 Moderate 17607-17084 19677-17086 Moderate 17235-17086 Moderate 19690-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17218-16823 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17607-17084 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19677-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17235-17086 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19690-17084 CBL-Mariner Releases 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19677-17086 17235-17086 19690-17084 CBL-Mariner Releases 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T15:17:12 <p>Information published.</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21171 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 Moderate 17218-16823 Moderate 17607-17084 Moderate 19690-17084 19677-17086 Moderate 17235-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17218-16823 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17607-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19690-17084 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19677-17086 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17235-17086 CBL-Mariner Releases 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 No Security Update 8.0.40-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17218-16823 17607-17084 19690-17084 19677-17086 17235-17086 CBL-Mariner Releases 1.2 2024-11-09T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 1.3 2024-12-04T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> 2.0 2026-02-18T02:31:30 <p>Information published.</p> 1.0 2024-10-23T00:00:00 <p>Information published.</p> 1.1 2024-10-25T00:00:00 <p>Added mysql to Azure Linux 3.0 Added mysql to CBL-Mariner 2.0</p> Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-36387 NULL Pointer Dereference 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 Moderate 17283-16823 Moderate 17684-17084 19781-17084 19775-17086 17357-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 17283-16823 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 17684-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 19781-17084 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 19775-17086 5.4 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 17357-17086 CBL-Mariner Releases 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 No Security Update 2.4.61-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17283-16823 17684-17084 19781-17084 19775-17086 17357-17086 CBL-Mariner Releases 1.3 2024-12-03T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 1.0 2024-07-19T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:14:09 <p>Information published.</p> Denial of Service via Quadratic Complexity in kjd/idna <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner @huntr_ai Yes CVE-2024-3651 17281-16823 17693-17084 17541-17084 17694-17084 19681-17086 17171-17086 17545-17084 19870-17086 19875-17084 17667-17084 18469-17084 19849-17086 17281-16823 17693-17084 17541-17084 17694-17084 19681-17086 17171-17086 17545-17084 19870-17086 19875-17084 17667-17084 18469-17084 19849-17086 Important 17281-16823 Important 17693-17084 Important 17541-17084 Important 17694-17084 Important 19681-17086 Moderate 17171-17086 Important 17545-17084 Important 19870-17086 Important 19875-17084 Important 17667-17084 Important 18469-17084 19849-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17281-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17541-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17694-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19681-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 17171-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17545-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19870-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19875-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18469-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 19849-17086 CBL-Mariner Releases 17281-16823 17694-17084 19870-17086 19875-17084 No Security Update 3.7-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17281-16823 17694-17084 19870-17086 19875-17084 CBL-Mariner Releases CBL-Mariner Releases 17693-17084 No Security Update 24.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17693-17084 CBL-Mariner Releases CBL-Mariner Releases 17541-17084 17667-17084 No Security Update 2.16.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17541-17084 17667-17084 CBL-Mariner Releases CBL-Mariner Releases 19681-17086 No Security Update 3.9.19-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19681-17086 CBL-Mariner Releases CBL-Mariner Releases 17545-17084 No Security Update 3.12.9-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17545-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 3.5 2024-10-15T00:00:00 <p>Added python-pip to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added python-idna to Azure Linux 3.0 Added python-idna to CBL-Mariner 2.0</p> 3.6 2025-03-14T00:00:00 <p>Added python3 to Azure Linux 3.0 Added python-pip to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added python-idna to Azure Linux 3.0 Added python-idna to CBL-Mariner 2.0</p> 3.7 2025-04-17T00:00:00 <p>Added python3 to CBL-Mariner 2.0 Added python-idna to CBL-Mariner 2.0 Added python3 to Azure Linux 3.0 Added python-pip to Azure Linux 3.0 Added tensorflow to Azure Linux 3.0 Added python-idna to Azure Linux 3.0</p> 4.0 2026-02-18T01:18:51 <p>Information published.</p> 1.0 2024-07-26T00:00:00 <p>Information published.</p> 1.2 2024-08-17T00:00:00 <p>Information published.</p> 1.3 2024-08-18T00:00:00 <p>Information published.</p> 1.4 2024-08-19T00:00:00 <p>Information published.</p> 1.5 2024-08-20T00:00:00 <p>Information published.</p> 1.6 2024-08-21T00:00:00 <p>Information published.</p> 1.7 2024-08-22T00:00:00 <p>Information published.</p> 1.8 2024-08-23T00:00:00 <p>Information published.</p> 1.9 2024-08-24T00:00:00 <p>Information published.</p> 2.0 2024-08-25T00:00:00 <p>Information published.</p> 2.1 2024-08-26T00:00:00 <p>Information published.</p> 2.2 2024-08-27T00:00:00 <p>Information published.</p> 2.3 2024-08-28T00:00:00 <p>Information published.</p> 2.4 2024-08-29T00:00:00 <p>Information published.</p> 2.5 2024-08-30T00:00:00 <p>Information published.</p> 2.6 2024-08-31T00:00:00 <p>Information published.</p> 2.7 2024-09-01T00:00:00 <p>Information published.</p> 2.8 2024-09-02T00:00:00 <p>Information published.</p> 2.9 2024-09-03T00:00:00 <p>Information published.</p> 3.0 2024-09-05T00:00:00 <p>Information published.</p> 3.1 2024-09-06T00:00:00 <p>Information published.</p> 3.2 2024-09-07T00:00:00 <p>Information published.</p> 3.3 2024-09-08T00:00:00 <p>Information published.</p> 3.4 2024-09-11T00:00:00 <p>Information published.</p> Potential memory exhaustion attack due to sparse slice deserialization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-37298 Allocation of Resources Without Limits or Throttling 17284-16823 17285-16823 17699-17084 17700-17084 19792-17086 19343-17084 17793-17084 19735-17086 19437-17086 17284-16823 17285-16823 17699-17084 17700-17084 19792-17086 19343-17084 17793-17084 19735-17086 19437-17086 Important 17284-16823 Important 17285-16823 Important 17699-17084 Important 17700-17084 Important 19792-17086 Important 19343-17084 Important 17793-17084 19735-17086 Important 19437-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17284-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17285-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17699-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17700-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19792-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19343-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17793-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19735-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19437-17086 CBL-Mariner Releases 17284-16823 19735-17086 19437-17086 No Security Update 1.29.4-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17284-16823 19735-17086 19437-17086 CBL-Mariner Releases CBL-Mariner Releases 17285-16823 19792-17086 No Security Update 20210626-4 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17285-16823 19792-17086 CBL-Mariner Releases CBL-Mariner Releases 17699-17084 17793-17084 No Security Update 20240213-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17699-17084 17793-17084 CBL-Mariner Releases CBL-Mariner Releases 17700-17084 19343-17084 No Security Update 1.31.0-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17700-17084 19343-17084 CBL-Mariner Releases 1.0 2024-07-19T00:00:00 <p>Information published.</p> 1.1 2024-08-05T00:00:00 <p>Information published.</p> 1.2 2024-08-29T00:00:00 <p>Information published.</p> 1.3 2024-08-30T00:00:00 <p>Information published.</p> 1.4 2024-08-31T00:00:00 <p>Information published.</p> 1.5 2024-09-01T00:00:00 <p>Information published.</p> 1.6 2024-09-02T00:00:00 <p>Information published.</p> 1.7 2024-09-03T00:00:00 <p>Information published.</p> 1.8 2024-09-05T00:00:00 <p>Information published.</p> 1.9 2024-09-06T00:00:00 <p>Information published.</p> 2.0 2024-09-07T00:00:00 <p>Information published.</p> 2.1 2024-09-08T00:00:00 <p>Information published.</p> 2.2 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:13:12 <p>Information published.</p> Apache HTTP Server proxy encoding problem <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-38473 Improper Encoding or Escaping of Output 17283-16823 17684-17084 19775-17086 19781-17084 17357-17086 17283-16823 17684-17084 19775-17086 19781-17084 17357-17086 Important 17283-16823 Important 17684-17084 19775-17086 Important 19781-17084 Important 17357-17086 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17283-16823 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17684-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19775-17086 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 19781-17084 8.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17357-17086 CBL-Mariner Releases 17283-16823 17684-17084 19775-17086 19781-17084 17357-17086 No Security Update 2.4.61-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17283-16823 17684-17084 19775-17086 19781-17084 17357-17086 CBL-Mariner Releases 1.0 2024-07-19T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-12-03T00:00:00 <p>Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0</p> 2.0 2026-02-18T01:08:06 <p>Information published.</p> ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39473 NULL Pointer Dereference 17233-16823 17671-17084 19682-17086 16839-17084 18490-17086 17233-16823 17671-17084 19682-17086 16839-17084 18490-17086 Moderate 17233-16823 Moderate 17671-17084 19682-17086 Moderate 16839-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17233-16823 19682-17086 18490-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 2.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 3.0 2026-02-18T01:37:49 <p>Information published.</p> fbdev: savage: Handle err return when savagefb_check_var failed <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39475 Divide By Zero 17233-16823 17671-17084 16839-17084 19702-17086 17292-17086 17233-16823 17671-17084 16839-17084 19702-17086 17292-17086 Moderate 17233-16823 Moderate 17671-17084 Moderate 16839-17084 19702-17086 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 3.0 2026-02-18T01:32:12 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> drm/i915/hwmon: Get rid of devm <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39479 Uncontrolled Resource Consumption 17671-17084 16839-17084 17671-17084 16839-17084 Important 17671-17084 Important 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:22:31 <p>Information published.</p> media: mc: Fix graph walk in media_pipeline_start <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39481 17671-17084 16839-17084 17671-17084 16839-17084 Moderate 17671-17084 Moderate 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T02:23:25 <p>Information published.</p> bcache: fix variable length array abuse in btree_iter <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39482 Allocation of Resources Without Limits or Throttling 17233-16823 17671-17084 19702-17086 17292-17086 16839-17084 17233-16823 17671-17084 19702-17086 17292-17086 16839-17084 Moderate 17233-16823 Moderate 17671-17084 19702-17086 Moderate 17292-17086 Moderate 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:30:09 <p>Information published.</p> mmc: davinci: Don't strip remove function when driver is builtin <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39484 Allocation of Resources Without Limits or Throttling 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 17233-16823 17671-17084 19702-17086 16839-17084 17292-17086 Moderate 17233-16823 Moderate 17671-17084 19702-17086 Moderate 16839-17084 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 3.0 2026-02-18T01:34:58 <p>Information published.</p> 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> media: v4l: async: Properly re-initialise notifier entry in unregister <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39485 Improper Initialization 17233-16823 17671-17084 16839-17084 17095-17086 19673-17086 17233-16823 17671-17084 16839-17084 17095-17086 19673-17086 Moderate 17233-16823 Moderate 17671-17084 Moderate 16839-17084 Moderate 17095-17086 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 CBL-Mariner Releases 17233-16823 17095-17086 19673-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 2.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 3.0 2026-02-18T01:29:04 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> drm/drm_file: Fix pid refcounting race <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39486 Use After Free 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:24 <p>Information published.</p> ipv6: sr: fix memleak in seg6_hmac_init_algo <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39489 Missing Release of Memory after Effective Lifetime 17233-16823 17671-17084 16839-17084 17292-17086 19702-17086 17233-16823 17671-17084 16839-17084 17292-17086 19702-17086 Moderate 17233-16823 Moderate 17671-17084 Moderate 16839-17084 Moderate 17292-17086 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 16839-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 CBL-Mariner Releases 17233-16823 17292-17086 19702-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17292-17086 19702-17086 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 3.0 2026-02-19T01:02:14 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> ima: Fix use-after-free on a dentry's dname.name <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39494 Use After Free 17110-16823 17671-17084 19682-17086 16839-17084 18490-17086 17110-16823 17671-17084 19682-17086 16839-17084 18490-17086 Important 17110-16823 Important 17671-17084 19682-17086 Important 16839-17084 Important 18490-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19682-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18490-17086 CBL-Mariner Releases 17110-16823 No Security Update 5.15.176.3-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17110-16823 CBL-Mariner Releases CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 19682-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 2.0 2026-02-18T02:43:32 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> btrfs: zoned: fix use-after-free due to race with dev replace <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-39496 Use After Free 17671-17084 19673-17086 17095-17086 16839-17084 17671-17084 19673-17086 17095-17086 16839-17084 Important 17671-17084 19673-17086 Important 17095-17086 Important 16839-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 16839-17084 CBL-Mariner Releases 17671-17084 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 16839-17084 No Security Update 6.6.35.1-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 16839-17084 CBL-Mariner Releases 2.0 2026-02-18T02:39:28 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g. for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly other timing attacks against keystroke entry could occur. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-39894 Time-of-check Time-of-use (TOCTOU) Race Condition 17698-17084 18225-17084 17698-17084 18225-17084 Important 17698-17084 Important 18225-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 17698-17084 7.5 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 18225-17084 CBL-Mariner Releases 17698-17084 18225-17084 No Security Update 9.8p1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17698-17084 18225-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T01:14:51 <p>Information published.</p> An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed.. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2024-39936 Time-of-check Time-of-use (TOCTOU) Race Condition 17282-16823 17680-17084 19741-17084 19737-17086 17384-17086 17282-16823 17680-17084 19741-17084 19737-17086 17384-17086 Moderate 17282-16823 Moderate 17680-17084 Moderate 19741-17084 19737-17086 Important 17384-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17282-16823 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17680-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19741-17084 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 19737-17086 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 17384-17086 CBL-Mariner Releases 17282-16823 19737-17086 17384-17086 No Security Update 5.12.11-13 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17282-16823 19737-17086 17384-17086 CBL-Mariner Releases CBL-Mariner Releases 17680-17084 19741-17084 No Security Update 6.6.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17680-17084 19741-17084 CBL-Mariner Releases 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-29T00:00:00 <p>Information published.</p> 1.2 2024-08-30T00:00:00 <p>Information published.</p> 1.3 2024-08-31T00:00:00 <p>Information published.</p> 1.4 2024-09-01T00:00:00 <p>Information published.</p> 1.5 2024-09-02T00:00:00 <p>Information published.</p> 1.6 2024-09-03T00:00:00 <p>Information published.</p> 1.7 2024-09-05T00:00:00 <p>Information published.</p> 1.8 2024-09-06T00:00:00 <p>Information published.</p> 1.9 2024-09-07T00:00:00 <p>Information published.</p> 2.0 2024-09-08T00:00:00 <p>Information published.</p> 2.1 2024-09-11T00:00:00 <p>Information published.</p> 3.0 2026-02-18T01:20:37 <p>Information published.</p> Apache HTTP Server: source code disclosure with handlers configured via AddType <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner apache Yes CVE-2024-40725 Exposure of Resource to Wrong Sphere 17276-16823 17686-17084 17684-17084 19775-17086 17357-17086 17276-16823 17686-17084 17684-17084 19775-17086 17357-17086 Moderate 17276-16823 Moderate 17686-17084 Moderate 17684-17084 19775-17086 Moderate 17357-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17276-16823 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17686-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17684-17084 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 19775-17086 5.3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 17357-17086 CBL-Mariner Releases 17276-16823 17686-17084 17684-17084 19775-17086 17357-17086 No Security Update 2.4.62-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17276-16823 17686-17084 17684-17084 19775-17086 17357-17086 CBL-Mariner Releases 2.0 2026-02-18T01:50:31 <p>Information published.</p> 1.0 2024-07-26T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-08-16T00:00:00 <p>Information published.</p> 1.3 2024-08-17T00:00:00 <p>Information published.</p> 1.4 2024-08-18T00:00:00 <p>Information published.</p> 1.5 2024-08-19T00:00:00 <p>Information published.</p> 1.6 2024-08-20T00:00:00 <p>Information published.</p> 1.7 2024-08-21T00:00:00 <p>Information published.</p> 1.8 2024-09-11T00:00:00 <p>Information published.</p> ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40951 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:11:48 <p>Information published.</p> ipv6: prevent possible NULL dereference in rt6_probe() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40960 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:49:05 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> ptp: fix integer overflow in max_vclocks_store <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40994 Integer Overflow or Wraparound 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17651-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:53:18 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> block/ioctl: prefer different overflow check <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41000 Integer Overflow or Wraparound 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:51:37 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> io_uring/sqpoll: work around a potential audit memory leak <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41001 Missing Release of Memory after Effective Lifetime 17651-17084 20925-17086 21093-17086 17671-17084 17087-17086 17651-17084 20925-17086 21093-17086 17671-17084 17087-17086 Moderate 17651-17084 Moderate 20925-17086 Moderate 21093-17086 Moderate 17671-17084 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T14:52:49 <p>Information published.</p> 2.0 2026-03-03T14:41:30 <p>Information published.</p> 3.0 2026-03-31T14:50:54 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> bpf: Fix overrunning reservations in ringbuf <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41009 Allocation of Resources Without Limits or Throttling 17250-16823 17661-17084 17671-17084 19682-17086 18490-17086 17250-16823 17661-17084 17671-17084 19682-17086 18490-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17671-17084 19682-17086 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17250-16823 19682-17086 18490-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:48:05 <p>Information published.</p> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41011 Incorrect Calculation 17207-16823 19670-17086 17250-17086 17207-16823 19670-17086 17250-17086 Important 17207-16823 19670-17086 Important 17250-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17207-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19670-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17250-17086 CBL-Mariner Releases 17207-16823 19670-17086 17250-17086 No Security Update 5.15.167.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17207-16823 19670-17086 17250-17086 CBL-Mariner Releases 1.0 2024-10-12T00:00:00 <p>Information published.</p> 2.0 2026-02-18T01:44:45 <p>Information published.</p> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41038 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:14:52 <p>Information published.</p> filelock: fix potential use-after-free in posix_lock_inode <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41049 Use After Free 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.2 2026-02-18T15:12:34 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2025-04-17T00:00:00 <p>Added kernel to Azure Linux 3.0</p> scsi: ufs: core: Fix ufshcd_clear_cmd racing issue <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41054 NULL Pointer Dereference 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:10:36 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41057 Use After Free 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2025-05-21T00:00:00 <p>Added kernel to Azure Linux 3.0</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2026-02-18T15:09:48 <p>Information published.</p> nvme: avoid double free special payload <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41073 Double Free 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 Important 17250-16823 Important 17651-17084 19731-17086 Important 17671-17084 Important 17233-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19731-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 2.0 2026-02-18T15:08:06 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> NFSv4: Fix memory leak in nfs4_set_security_label <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41076 Missing Release of Memory after Effective Lifetime 17651-17084 17671-17084 21093-17086 17087-17086 20925-17086 17651-17084 17671-17084 21093-17086 17087-17086 20925-17086 Moderate 17651-17084 Moderate 17671-17084 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2026-02-18T15:05:53 <p>Information published.</p> 2.0 2026-03-03T14:41:46 <p>Information published.</p> 3.0 2026-03-31T14:51:19 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> can: mcp251xfd: fix infinite loop when xmit fails <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41088 Loop with Unreachable Exit Condition ('Infinite Loop') 17651-17084 17671-17084 20925-17086 17087-17086 21093-17086 17651-17084 17671-17084 20925-17086 17087-17086 21093-17086 Moderate 17651-17084 Moderate 17671-17084 Moderate 20925-17086 Moderate 17087-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 2.0 2026-03-03T14:42:05 <p>Information published.</p> 3.0 2026-03-31T14:51:43 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:06:12 <p>Information published.</p> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41089 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:17:32 <p>Information published.</p> drm/amdgpu: avoid using null object of framebuffer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41093 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:16:42 <p>Information published.</p> drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41095 NULL Pointer Dereference 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-19T01:15:17 <p>Information published.</p> usb: atm: cxacru: fix endpoint checking in cxacru_bind() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41097 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:10:12 <p>Information published.</p> Moby authz zero length regression <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41110 Partial String Comparison 17272-16823 17674-17084 19729-17084 19789-17086 17272-16823 17674-17084 19729-17084 19789-17086 Critical 17272-16823 Critical 17674-17084 Critical 19729-17084 Critical 19789-17086 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 17272-16823 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 17674-17084 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19729-17084 9.9 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 19789-17086 CBL-Mariner Releases 17272-16823 19789-17086 No Security Update 24.0.9-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17272-16823 19789-17086 CBL-Mariner Releases CBL-Mariner Releases 17674-17084 19729-17084 No Security Update 25.0.3-5 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17674-17084 19729-17084 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-25T00:00:00 <p>Information published.</p> 1.2 2024-08-26T00:00:00 <p>Information published.</p> 1.3 2024-08-27T00:00:00 <p>Information published.</p> 1.4 2024-08-28T00:00:00 <p>Information published.</p> 1.5 2024-08-29T00:00:00 <p>Information published.</p> 1.6 2024-08-30T00:00:00 <p>Information published.</p> 1.7 2024-08-31T00:00:00 <p>Information published.</p> 1.8 2024-09-01T00:00:00 <p>Information published.</p> 1.9 2024-09-02T00:00:00 <p>Information published.</p> 2.0 2024-09-03T00:00:00 <p>Information published.</p> 2.1 2024-09-05T00:00:00 <p>Information published.</p> 2.2 2024-09-06T00:00:00 <p>Information published.</p> 2.3 2024-09-07T00:00:00 <p>Information published.</p> 2.4 2024-09-08T00:00:00 <p>Information published.</p> 2.5 2024-09-11T00:00:00 <p>Information published.</p> 2.6 2026-02-18T02:45:10 <p>Information published.</p> twisted.web has disordered HTTP pipeline response <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2024-41671 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') 17270-16823 17672-17084 20027-17086 18264-17084 17270-16823 17672-17084 20027-17086 18264-17084 Important 17270-16823 Important 17672-17084 Important 20027-17086 Important 18264-17084 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 17270-16823 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 17672-17084 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 20027-17086 8.3 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 18264-17084 CBL-Mariner Releases 17270-16823 17672-17084 20027-17086 18264-17084 No Security Update 22.10.0-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17270-16823 17672-17084 20027-17086 18264-17084 CBL-Mariner Releases 1.0 2024-08-18T00:00:00 <p>Information published.</p> 1.1 2024-08-19T00:00:00 <p>Information published.</p> 1.2 2024-08-20T00:00:00 <p>Information published.</p> 1.3 2024-08-21T00:00:00 <p>Information published.</p> 1.4 2024-08-22T00:00:00 <p>Information published.</p> 1.5 2024-08-23T00:00:00 <p>Information published.</p> 1.6 2024-08-24T00:00:00 <p>Information published.</p> 1.7 2024-08-25T00:00:00 <p>Information published.</p> 1.8 2024-08-26T00:00:00 <p>Information published.</p> 1.9 2024-08-27T00:00:00 <p>Information published.</p> 2.0 2024-08-28T00:00:00 <p>Information published.</p> 2.1 2024-08-29T00:00:00 <p>Information published.</p> 2.2 2024-08-30T00:00:00 <p>Information published.</p> 2.3 2024-08-31T00:00:00 <p>Information published.</p> 2.4 2024-09-01T00:00:00 <p>Information published.</p> 2.5 2024-09-02T00:00:00 <p>Information published.</p> 2.6 2024-09-03T00:00:00 <p>Information published.</p> 2.7 2024-09-05T00:00:00 <p>Information published.</p> 2.8 2024-09-06T00:00:00 <p>Information published.</p> 2.9 2024-09-07T00:00:00 <p>Information published.</p> 3.0 2024-09-08T00:00:00 <p>Information published.</p> 3.1 2024-09-11T00:00:00 <p>Information published.</p> 3.2 2026-02-18T02:57:43 <p>Information published.</p> bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42068 Unchecked Return Value 17233-16823 17661-17084 17671-17084 19702-17086 17292-17086 17233-16823 17661-17084 17671-17084 19702-17086 17292-17086 Moderate 17233-16823 Moderate 17661-17084 Moderate 17671-17084 19702-17086 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:01:44 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42070 Missing Release of Memory after Effective Lifetime 17233-16823 17661-17084 17671-17084 17292-17086 19702-17086 17233-16823 17661-17084 17671-17084 17292-17086 19702-17086 Moderate 17233-16823 Moderate 17661-17084 Moderate 17671-17084 Moderate 17292-17086 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 CBL-Mariner Releases 17233-16823 17292-17086 19702-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17292-17086 19702-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:55:11 <p>Information published.</p> ASoC: amd: acp: add a null check for chip_pdev structure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42074 NULL Pointer Dereference 17233-16823 17661-17084 17095-17086 19673-17086 17671-17084 17233-16823 17661-17084 17095-17086 19673-17086 17671-17084 Moderate 17233-16823 Moderate 17661-17084 Moderate 17095-17086 19673-17086 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17233-16823 17095-17086 19673-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 17095-17086 19673-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:00:23 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> bpf: Fix remap of arena. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42075 Use After Free 17233-16823 17661-17084 19673-17086 17095-17086 19529-17084 17233-16823 17661-17084 19673-17086 17095-17086 19529-17084 Moderate 17233-16823 Moderate 17661-17084 19673-17086 Moderate 17095-17086 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19673-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17095-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17233-16823 19673-17086 17095-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19673-17086 17095-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 19529-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> 2.0 2026-02-18T02:49:40 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> net: can: j1939: Initialize unused data in j1939_send_one() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42076 Use of Uninitialized Resource 17233-16823 17661-17084 19702-17086 17671-17084 17292-17086 17233-16823 17661-17084 19702-17086 17671-17084 17292-17086 Moderate 17233-16823 Moderate 17661-17084 19702-17086 Moderate 17671-17084 Moderate 17292-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19702-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17292-17086 CBL-Mariner Releases 17233-16823 19702-17086 17292-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19702-17086 17292-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 1.0 2024-08-08T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:01:48 <p>Information published.</p> nfsd: initialise nfsd_info.mutex early. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42078 Improper Initialization 17233-16823 17661-17084 18490-17086 19682-17086 19529-17084 17233-16823 17661-17084 18490-17086 19682-17086 19529-17084 Moderate 17233-16823 Moderate 17661-17084 Moderate 18490-17086 19682-17086 Moderate 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 CBL-Mariner Releases 17233-16823 18490-17086 19682-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 18490-17086 19682-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 19529-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T03:03:38 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> gfs2: Fix NULL pointer dereference in gfs2_log_flush <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42079 NULL Pointer Dereference 17661-17084 17087-17086 21093-17086 17671-17084 20925-17086 17661-17084 17087-17086 21093-17086 17671-17084 20925-17086 Moderate 17661-17084 Moderate 17087-17086 Moderate 21093-17086 Moderate 17671-17084 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2026-02-18T03:01:01 <p>Information published.</p> 3.0 2026-03-31T14:46:38 <p>Information published.</p> 2.0 2026-03-03T14:38:57 <p>Information published.</p> ionic: fix kernel panic due to multi-buffer handling <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42083 NULL Pointer Dereference 17233-16823 17661-17084 19682-17086 19529-17084 18490-17086 17233-16823 17661-17084 19682-17086 19529-17084 18490-17086 Moderate 17233-16823 Moderate 17661-17084 19682-17086 Moderate 19529-17084 Moderate 18490-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19682-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 18490-17086 CBL-Mariner Releases 17233-16823 19682-17086 18490-17086 No Security Update 5.15.162.2-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17233-16823 19682-17086 18490-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 19529-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 19529-17084 CBL-Mariner Releases 1.1 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:47:09 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.2 2024-09-11T00:00:00 <p>Information published.</p> 1.3 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0 Added kernel to Azure Linux 3.0</p> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42085 Improper Locking 17651-17084 17671-17084 17651-17084 17671-17084 Moderate 17651-17084 Moderate 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2026-02-18T15:13:17 <p>Information published.</p> net/dpaa2: Avoid explicit cpumask var allocation on stack <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42093 Out-of-bounds Write 17651-17084 17671-17084 17651-17084 17671-17084 Important 17651-17084 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.1 2025-05-21T00:00:00 <p>Added kernel to Azure Linux 3.0</p> 1.2 2026-02-18T15:12:46 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42101 NULL Pointer Dereference 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 17250-16823 17651-17084 19731-17086 17671-17084 17233-17086 Moderate 17250-16823 Moderate 17651-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-16823 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17651-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 2.0 2026-02-18T14:59:06 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits() again" <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42102 Divide By Zero 17250-16823 17651-17084 19731-17086 17233-17086 17671-17084 17250-16823 17651-17084 19731-17086 17233-17086 17671-17084 Moderate 17250-16823 Moderate 17651-17084 19731-17086 Moderate 17233-17086 Moderate 17671-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17651-17084 17671-17084 No Security Update 6.6.47.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17651-17084 17671-17084 CBL-Mariner Releases 1.0 2024-09-11T00:00:00 <p>Information published.</p> 1.1 2024-09-20T00:00:00 <p>Information published.</p> 2.0 2026-02-18T14:54:29 <p>Information published.</p> nvmet: fix a possible leak when destroy a ctrl during qp establishment <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42152 Missing Release of Memory after Effective Lifetime 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 17250-16823 17661-17084 17671-17084 19731-17086 17233-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17671-17084 19731-17086 Moderate 17233-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17250-16823 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17661-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 4.7 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:21:40 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42153 Improper Locking 17250-16823 17661-17084 17233-17086 17671-17084 19731-17086 17250-16823 17661-17084 17233-17086 17671-17084 19731-17086 Moderate 17250-16823 Moderate 17661-17084 Moderate 17233-17086 Moderate 17671-17084 19731-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17233-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17671-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19731-17086 CBL-Mariner Releases 17250-16823 17233-17086 19731-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 17233-17086 19731-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:14:34 <p>Information published.</p> s390/pkey: Wipe sensitive data on failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42157 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 Moderate 17250-16823 Moderate 17661-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17250-16823 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17661-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 19731-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17671-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:08:33 <p>Information published.</p> scsi: mpi3mr: Sanitise num_phys <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42159 Improper Check for Unusual or Exceptional Conditions 17661-17084 17095-17086 19673-17086 17671-17084 17661-17084 17095-17086 19673-17086 17671-17084 Important 17661-17084 Important 17095-17086 19673-17086 Important 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:06:40 <p>Information published.</p> f2fs: check validation of fault attrs in f2fs_build_fault_attr() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42160 Improper Check for Unusual or Exceptional Conditions 17661-17084 19673-17086 17671-17084 17095-17086 17661-17084 19673-17086 17671-17084 17095-17086 Important 17661-17084 19673-17086 Important 17671-17084 Important 17095-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19673-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17095-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:08:14 <p>Information published.</p> net: dsa: mv88e6xxx: Correct check for empty list <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42224 Improper Check for Unusual or Exceptional Conditions 17263-16823 17661-17084 19731-17086 17671-17084 17233-17086 17263-16823 17661-17084 19731-17086 17671-17084 17233-17086 Moderate 17263-16823 Moderate 17661-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 19731-17086 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 17671-17084 6.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 17233-17086 CBL-Mariner Releases 17263-16823 No Security Update 5.15.163.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17263-16823 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19731-17086 17233-17086 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 1.2 2024-09-25T00:00:00 <p>Information published.</p> 2.0 2026-02-19T01:06:57 <p>Information published.</p> wifi: mt76: replace skb_put with skb_put_zero <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42225 Use of Uninitialized Resource 17263-16823 17661-17084 19731-17086 17671-17084 17233-17086 17263-16823 17661-17084 19731-17086 17671-17084 17233-17086 Important 17263-16823 Important 17661-17084 19731-17086 Important 17671-17084 Important 17233-17086 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 19731-17086 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17671-17084 7.5 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 17233-17086 CBL-Mariner Releases 17263-16823 No Security Update 5.15.163.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17263-16823 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases CBL-Mariner Releases 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19731-17086 17233-17086 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:47:59 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42226 17661-17084 17671-17084 17661-17084 17671-17084 Moderate 17661-17084 17671-17084 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> crypto: aeadcipher - zeroize key buffer after use <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42229 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 17250-16823 17661-17084 19731-17086 17671-17084 17233-17086 Moderate 17250-16823 Moderate 17661-17084 19731-17086 Moderate 17671-17084 Moderate 17233-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17250-16823 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17661-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 19731-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17671-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17233-17086 CBL-Mariner Releases 17250-16823 19731-17086 17233-17086 No Security Update 5.15.164.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17250-16823 19731-17086 17233-17086 CBL-Mariner Releases CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 1.1 2024-08-21T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:57:02 <p>Information published.</p> powerpc/pseries: Fix scv instruction crash with kexec <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42230 17661-17084 19673-17086 17671-17084 17095-17086 17661-17084 19673-17086 17671-17084 17095-17086 Moderate 17661-17084 19673-17086 Moderate 17671-17084 Moderate 17095-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17661-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 19673-17086 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17671-17084 4.4 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 17661-17084 17671-17084 No Security Update 6.6.43.1-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17661-17084 17671-17084 CBL-Mariner Releases 1.0 2024-08-16T00:00:00 <p>Information published.</p> 2.0 2026-02-18T02:50:24 <p>Information published.</p> Gtk3: gtk2: library injection from cwd <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-6655 Improper Control of Generation of Code ('Code Injection') 17687-17084 17688-17084 20032-17086 20034-17086 17687-17084 17688-17084 20032-17086 20034-17086 Important 17687-17084 Important 17688-17084 Important 20032-17086 Important 20034-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 17687-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 17688-17084 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 20032-17086 7.0 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 20034-17086 CBL-Mariner Releases 17687-17084 20032-17086 No Security Update 2.24.32-12 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17687-17084 20032-17086 CBL-Mariner Releases CBL-Mariner Releases 17688-17084 20034-17086 No Security Update 3.24.28-10 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17688-17084 20034-17086 CBL-Mariner Releases 1.0 2024-08-05T00:00:00 <p>Information published.</p> 1.1 2024-08-15T00:00:00 <p>Information published.</p> 1.2 2024-08-16T00:00:00 <p>Information published.</p> 1.3 2024-08-17T00:00:00 <p>Information published.</p> 1.4 2024-08-18T00:00:00 <p>Information published.</p> 1.5 2024-08-19T00:00:00 <p>Information published.</p> 1.6 2024-08-20T00:00:00 <p>Information published.</p> 1.7 2024-08-21T00:00:00 <p>Information published.</p> 1.8 2024-08-22T00:00:00 <p>Information published.</p> 1.9 2024-08-23T00:00:00 <p>Information published.</p> 2.0 2024-08-24T00:00:00 <p>Information published.</p> 2.1 2024-08-25T00:00:00 <p>Information published.</p> 2.2 2024-08-26T00:00:00 <p>Information published.</p> 2.3 2024-08-27T00:00:00 <p>Information published.</p> 2.4 2024-08-28T00:00:00 <p>Information published.</p> 2.5 2024-08-29T00:00:00 <p>Information published.</p> 2.6 2024-08-30T00:00:00 <p>Information published.</p> 2.7 2024-08-31T00:00:00 <p>Information published.</p> 2.8 2024-09-01T00:00:00 <p>Information published.</p> 2.9 2024-09-02T00:00:00 <p>Information published.</p> 3.0 2024-09-03T00:00:00 <p>Information published.</p> 3.1 2024-09-05T00:00:00 <p>Information published.</p> 3.2 2024-09-06T00:00:00 <p>Information published.</p> 3.3 2024-09-07T00:00:00 <p>Information published.</p> 3.4 2024-09-08T00:00:00 <p>Information published.</p> 3.5 2024-09-11T00:00:00 <p>Information published.</p> 3.6 2026-02-18T01:45:21 <p>Information published.</p> macidn punycode buffer overread <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner curl Yes CVE-2024-6874 Out-of-bounds Read 17271-16823 17628-17084 17629-17084 19799-17086 17579-17084 17464-17084 17271-16823 17628-17084 17629-17084 19799-17086 17579-17084 17464-17084 Moderate 17271-16823 Moderate 17628-17084 Low 17629-17084 Moderate 19799-17086 Moderate 17579-17084 Moderate 17464-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17271-16823 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17628-17084 4.3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 17629-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 19799-17086 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 17579-17084 3.1 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 17464-17084 CBL-Mariner Releases 17271-16823 17629-17084 No Security Update 8.8.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17271-16823 17629-17084 CBL-Mariner Releases CBL-Mariner Releases 17628-17084 17464-17084 No Security Update 3.30.3-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17628-17084 17464-17084 CBL-Mariner Releases CBL-Mariner Releases 17579-17084 No Security Update 8.11.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17579-17084 CBL-Mariner Releases 1.0 2024-10-01T00:00:00 <p>Information published.</p> 1.1 2025-03-13T00:00:00 <p>Added curl to Azure Linux 3.0 Added cmake to Azure Linux 3.0</p> 1.2 2026-02-18T02:46:17 <p>Information published.</p> TensorFlow segfault in array_ops.upper_bound <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner GitHub_M Yes CVE-2023-33976 Integer Overflow or Wraparound 19668-17086 19668-17086 Important 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 CBL-Mariner Releases 19668-17086 No Security Update 2.11.1-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19668-17086 CBL-Mariner Releases 1.1 2026-02-19T01:02:27 <p>Information published.</p> 1.0 2024-09-11T00:00:00 <p>Information published.</p> The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily e.g. leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2023-52340 18096-16823 19673-17086 17095-17086 18096-16823 19673-17086 17095-17086 Important 18096-16823 19673-17086 Important 17095-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18096-16823 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19673-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17095-17086 CBL-Mariner Releases 18096-16823 No Security Update 5.15.147.1-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18096-16823 CBL-Mariner Releases CBL-Mariner Releases 19673-17086 17095-17086 No Security Update 5.15.148.2-2 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19673-17086 17095-17086 CBL-Mariner Releases 2.0 2026-02-18T01:32:53 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> drm/amd/display: Add NULL pointer check for kzalloc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42122 NULL Pointer Dereference 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 17501-17084 19529-17084 17087-17086 20925-17086 21093-17086 Moderate 17501-17084 Moderate 19529-17084 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.1 2026-02-21T01:20:59 <p>Information published.</p> 2.0 2026-03-03T14:53:15 <p>Information published.</p> 1.0 2025-09-03T19:48:19 <p>Information published.</p> 3.0 2026-03-31T15:09:29 <p>Information published.</p> i2c: lpi2c: Avoid calling clk_get_rate during transfer <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40965 Improper Locking 17501-17084 20925-17086 17087-17086 19529-17084 21093-17086 17501-17084 20925-17086 17087-17086 19529-17084 21093-17086 Moderate 17501-17084 Moderate 20925-17086 Moderate 17087-17086 Moderate 19529-17084 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17501-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19529-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 1.1 2026-02-18T02:06:45 <p>Information published.</p> 2.0 2026-03-03T14:51:27 <p>Information published.</p> 3.0 2026-03-31T15:06:52 <p>Information published.</p> 1.0 2025-09-03T22:26:33 <p>Information published.</p> s390/pkey: Wipe copies of clear-key structures on failure <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42156 17501-17084 17087-17086 19529-17084 20925-17086 21093-17086 17501-17084 17087-17086 19529-17084 20925-17086 21093-17086 Moderate 17501-17084 Moderate 17087-17086 Moderate 19529-17084 Moderate 20925-17086 Moderate 21093-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17501-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 17087-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 19529-17084 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 20925-17086 4.1 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 21093-17086 CBL-Mariner Releases 17501-17084 No Security Update 6.6.64.2-9 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17501-17084 CBL-Mariner Releases CBL-Mariner Releases 19529-17084 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19529-17084 CBL-Mariner Releases 2.0 2026-03-03T14:40:23 <p>Information published.</p> 3.0 2026-03-31T14:49:08 <p>Information published.</p> 1.0 2025-09-03T19:50:42 <p>Information published.</p> 1.1 2025-11-19T01:51:04 <p>Information published.</p> 1.2 2026-02-19T01:09:06 <p>Information published.</p> Denial of service due to improper 100-continue handling in net/http <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2024-24791 17701-17084 19668-17086 17667-17084 18315-17084 19693-17084 19718-17086 19730-17086 19697-17084 19712-17086 19747-17086 19785-17086 18447-17086 18444-17086 17701-17084 19668-17086 17667-17084 18315-17084 19693-17084 19718-17086 19730-17086 19697-17084 19712-17086 19747-17086 19785-17086 18447-17086 18444-17086 Important 17701-17084 Important 19668-17086 Important 17667-17084 Important 18315-17084 Important 19693-17084 19718-17086 Important 19730-17086 Important 19697-17084 Important 19712-17086 19747-17086 Important 19785-17086 Important 18447-17086 Important 18444-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17701-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19668-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 17667-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18315-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19693-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19718-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19730-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19697-17084 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19712-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19747-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 19785-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18447-17086 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 18444-17086 CBL-Mariner Releases 17701-17084 No Security Update 1.22.5-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17701-17084 CBL-Mariner Releases 1.0 2025-09-03T19:49:12 <p>Information published.</p> 2.0 2026-02-18T01:11:21 <p>Information published.</p> Output of "go env" does not sanitize values in cmd/go <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Go Yes CVE-2023-24531 19693-17084 19747-17086 18315-17084 19762-17084 20366-17086 18097-16823 18098-16823 18099-17084 19712-17086 19718-17086 19668-17086 19730-17086 19679-17084 17667-17084 19755-17086 19697-17084 20519-17086 18447-17086 18444-17086 19693-17084 19747-17086 18315-17084 19762-17084 20366-17086 18097-16823 18098-16823 18099-17084 19712-17086 19718-17086 19668-17086 19730-17086 19679-17084 17667-17084 19755-17086 19697-17084 20519-17086 18447-17086 18444-17086 Moderate 19693-17084 19747-17086 Moderate 18315-17084 Critical 19762-17084 20366-17086 Critical 18097-16823 Critical 18098-16823 Critical 18099-17084 Moderate 19712-17086 19718-17086 Moderate 19668-17086 Moderate 19730-17086 Moderate 19679-17084 Moderate 17667-17084 19755-17086 Critical 19697-17084 Important 20519-17086 Moderate 18447-17086 Moderate 18444-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19693-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19747-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18315-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19762-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20366-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18097-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18098-16823 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18099-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19712-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19718-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19668-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19730-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19679-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 17667-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 19755-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 19697-17084 7.3 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 20519-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18447-17086 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18444-17086 CBL-Mariner Releases 19747-17086 19762-17084 19730-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19747-17086 19762-17084 19730-17086 CBL-Mariner Releases CBL-Mariner Releases 18097-16823 18098-16823 18099-17084 No Security Update 1.21.0-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18097-16823 18098-16823 18099-17084 CBL-Mariner Releases 1.0 2025-09-03T19:39:38 <p>Information published.</p> 2.0 2026-02-18T01:06:58 <p>Information published.</p> nvme-rdma: fix possible use-after-free in transport error_recovery work <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2022-48788 Use After Free 18455-16823 19894-17086 17123-17086 18455-16823 19894-17086 17123-17086 Important 18455-16823 19894-17086 Important 17123-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 18455-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19894-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17123-17086 CBL-Mariner Releases 18455-16823 No Security Update - https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18455-16823 CBL-Mariner Releases CBL-Mariner Releases 19894-17086 17123-17086 No Security Update 5.15.32.1-3 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 19894-17086 17123-17086 CBL-Mariner Releases 1.2 2024-12-03T00:00:00 <p>Added kernel to CBL-Mariner 2.0</p> 2.0 2026-02-19T01:12:24 <p>Information published.</p> 1.0 2024-08-10T00:00:00 <p>Information published.</p> 1.1 2024-09-11T00:00:00 <p>Information published.</p> Qemu-kvm: 'qemu-img info' leads to host file read/write <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-4467 Uncontrolled Resource Consumption 17093-16823 17460-17084 19662-17086 17459-17084 17093-17086 17093-16823 17460-17084 19662-17086 17459-17084 17093-17086 Important 17093-16823 Important 17460-17084 19662-17086 Important 17459-17084 Important 17093-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-16823 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17460-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 19662-17086 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17459-17084 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 17093-17086 CBL-Mariner Releases 17093-16823 19662-17086 17093-17086 No Security Update 6.2.0-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17093-16823 19662-17086 17093-17086 CBL-Mariner Releases CBL-Mariner Releases 17460-17084 17459-17084 No Security Update 8.2.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17460-17084 17459-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 3.0 2026-02-18T02:51:31 <p>Information published.</p> 2.0 2025-05-06T00:00:00 <p>Information published.</p> Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner redhat Yes CVE-2024-6505 Out-of-bounds Read 17093-16823 17460-17084 19662-17086 17459-17084 17093-17086 17093-16823 17460-17084 19662-17086 17459-17084 17093-17086 Moderate 17093-16823 Moderate 17460-17084 19662-17086 Moderate 17459-17084 Moderate 17093-17086 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17093-16823 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17460-17084 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 19662-17086 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17459-17084 6.8 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 17093-17086 CBL-Mariner Releases 17093-16823 19662-17086 17093-17086 No Security Update 6.2.0-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17093-16823 19662-17086 17093-17086 CBL-Mariner Releases CBL-Mariner Releases 17460-17084 17459-17084 No Security Update 8.2.0-14 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17460-17084 17459-17084 CBL-Mariner Releases 1.0 2025-05-05T00:00:00 <p>Information published.</p> 2.0 2025-05-06T00:00:00 <p>Information published.</p> 3.0 2026-02-18T02:48:16 <p>Information published.</p> drm/xe/xe_devcoredump: Check NULL before assignments <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42081 NULL Pointer Dereference 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 21094-17084 17087-17086 19683-17084 20553-17084 20823-17084 20925-17086 20956-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 20412-17084 20613-17084 20725-17084 20788-17084 20860-17084 21094-17084 17087-17086 19683-17084 20553-17084 20823-17084 20925-17086 20956-17084 21093-17086 21248-17084 21308-17084 21332-17084 21344-17084 Moderate 20412-17084 Moderate 20613-17084 Moderate 20725-17084 Moderate 20788-17084 Moderate 20860-17084 Moderate 21094-17084 Moderate 17087-17086 19683-17084 Moderate 20553-17084 Moderate 20823-17084 Moderate 20925-17086 Moderate 20956-17084 Moderate 21093-17086 Moderate 21248-17084 Moderate 21308-17084 Moderate 21332-17084 Moderate 21344-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20412-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20613-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20788-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20860-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21094-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 19683-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20553-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20823-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20956-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21248-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21308-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21332-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21344-17084 1.0 2025-09-03T21:57:25 <p>Information published.</p> 2.0 2025-12-07T01:37:30 <p>Information published.</p> 4.0 2026-01-20T14:36:28 <p>Information published.</p> 5.0 2026-02-18T03:04:14 <p>Information published.</p> 11.0 2026-05-11T01:39:05 <p>Information published.</p> 3.0 2026-01-08T14:36:51 <p>Information published.</p> 6.0 2026-03-03T14:39:32 <p>Information published.</p> 7.0 2026-03-04T14:36:52 <p>Information published.</p> 8.0 2026-03-31T14:47:47 <p>Information published.</p> 9.0 2026-04-29T14:40:11 <p>Information published.</p> 10.0 2026-05-06T14:38:32 <p>Information published.</p> 12.0 2026-05-17T14:39:42 <p>Information published.</p> A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mozilla Yes CVE-2024-6611 Sensitive Cookie with Improper SameSite Attribute 18469-17084 18469-17084 Critical 18469-17084 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 18469-17084 1.1 2026-02-18T02:11:22 <p>Information published.</p> 1.0 2025-09-03T22:10:27 <p>Information published.</p> Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner oracle Yes CVE-2024-21176 17539-17084 19852-17086 17153-17086 17539-17084 19852-17086 17153-17086 Moderate 17539-17084 19852-17086 Moderate 17153-17086 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17539-17084 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 19852-17086 5.3 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 17153-17086 CBL-Mariner Releases 17539-17084 19852-17086 No Security Update https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17539-17084 19852-17086 CBL-Mariner Releases 1.0 2025-09-04T03:09:45 <p>Information published.</p> 2.0 2026-02-21T03:42:18 <p>Information published.</p> riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40915 Improper Locking 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 17087-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 20925-17086 5.5 5.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U 21093-17086 2.0 2026-03-03T14:40:54 <p>Information published.</p> 1.0 2025-09-20T01:02:03 <p>Information published.</p> 3.0 2026-03-31T15:00:02 <p>Information published.</p> parisc: Try to fix random segmentation faults in package builds <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40918 17087-17086 17087-17086 Moderate 17087-17086 6.3 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U 17087-17086 1.0 2025-09-20T01:02:09 <p>Information published.</p> Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner HeroDevs Yes CVE-2024-6484 19082-17084 19407-17084 19445-17084 19666-17084 20124-17086 20326-17086 20328-17086 19787-17086 19949-17086 19814-17086 19082-17084 19407-17084 19445-17084 19666-17084 20124-17086 20326-17086 20328-17086 19787-17086 19949-17086 19814-17086 Low 19082-17084 Low 19407-17084 Low 19445-17084 Low 19666-17084 Low 20124-17086 Low 20326-17086 Low 20328-17086 Low 19787-17086 Low 19949-17086 Low 19814-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19082-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19407-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19445-17084 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19666-17084 3.9 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 20124-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 20326-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 20328-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19787-17086 3.6 3.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 19949-17086 3.3 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 19814-17086 CBL-Mariner Releases 20124-17086 No Security Update 3.1.1-19 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20124-17086 CBL-Mariner Releases 1.0 2025-10-01T23:11:35 <p>Information published.</p> 2.0 2026-02-21T03:23:26 <p>Information published.</p> ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40998 Use of Uninitialized Resource 21093-17086 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 Moderate 21093-17086 Moderate 17087-17086 Moderate 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 2.0 2026-03-03T14:50:37 <p>Information published.</p> 1.0 2025-09-27T01:02:25 <p>Information published.</p> 3.0 2026-03-31T15:12:30 <p>Information published.</p> xfs: don't walk off the end of a directory data block <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-41013 Out-of-bounds Read 20925-17086 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 Important 20925-17086 Important 17087-17086 Important 21093-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 20925-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 17087-17086 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 21093-17086 2.0 2026-03-03T14:50:54 <p>Information published.</p> 1.0 2025-09-27T01:02:30 <p>Information published.</p> 3.0 2026-04-01T01:52:41 <p>Information published.</p> leds: an30259a: Use devm_mutex_init() for mutex initialization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42128 Use of Uninitialized Resource 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-02T01:04:07 <p>Information published.</p> leds: mlxreg: Use devm_mutex_init() for mutex initialization <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-42129 Use of Uninitialized Resource 17087-17086 17087-17086 Moderate 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 1.0 2025-10-02T01:04:12 <p>Information published.</p> tty: add the option to have a tty reject a new ldisc <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40966 17087-17086 20925-17086 21093-17086 17087-17086 20925-17086 21093-17086 Moderate 17087-17086 Moderate 20925-17086 Moderate 21093-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 17087-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20925-17086 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 21093-17086 1.0 2025-10-08T01:01:31 <p>Information published.</p> 2.0 2026-03-03T14:58:03 <p>Information published.</p> 3.0 2026-03-31T15:18:54 <p>Information published.</p> KVM: arm64: Disassociate vcpus from redistributor region on teardown <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner Linux Yes CVE-2024-40989 Use After Free 17087-17086 21093-17086 20925-17086 17087-17086 21093-17086 20925-17086 Moderate 17087-17086 Moderate 21093-17086 Moderate 20925-17086 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 17087-17086 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 21093-17086 5.6 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 20925-17086 1.0 2025-10-08T01:01:37 <p>Information published.</p> 2.0 2026-03-03T14:58:21 <p>Information published.</p> 3.0 2026-03-31T15:18:59 <p>Information published.</p> XSS in Bootstrap button component Mariner HeroDevs Yes CVE-2024-6485 Improper Neutralization of Input During Web Page Generation (&#39;Cross-site Scripting&#39;) 20124-17086 20776-17086 20697-17086 20124-17086 20776-17086 20697-17086 Moderate 20124-17086 Moderate 20776-17086 Moderate 20697-17086 6.4 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U 20124-17086 6.4 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U 20776-17086 6.4 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L/E:U 20697-17086 CBL-Mariner Releases 20776-17086 20697-17086 No Security Update 3.1.1-22 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 20776-17086 20697-17086 CBL-Mariner Releases 2.0 2025-12-06T14:41:16 <p>Information published.</p> 3.0 2025-12-19T01:36:20 <p>Information published.</p> 4.0 2026-01-03T01:39:48 <p>Information published.</p> 1.0 2025-12-05T01:04:14 <p>Information published.</p> drm/vrr: Set VRR capable prop only if it is attached to connector Mariner Linux Yes CVE-2022-48843 NULL Pointer Dereference 20725-17084 20725-17084 Moderate 20725-17084 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 20725-17084 1.0 2025-12-24T01:04:40 <p>Information published.</p> Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively that attacker convinces an authenticated user to execute a malicious script, as a step to exploit this vulnerability.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information.</p> Microsoft Dynamics Microsoft Yes CVE-2024-30061 Improper Authorization 11921 Information Disclosure 11921 Important 11921 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11921 5037940 https://www.microsoft.com/download/details.aspx?familyid=cb793a97-d02e-4de0-acdf-ee5b04b6bb7d 11921 Maybe Security Update 9.1.28.09 https://support.microsoft.com/help/5037940 11921 5037940 <a href="https://twitter.com/kire_devs_hacks">Erik Donker</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Text Services Framework Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained (&quot;sandboxed&quot;) execution environment to a Medium Integrity Level or a High Integrity Level.</p> <p>Please refer to <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation">AppContainer isolation</a> and <a href="https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control">Mandatory Integrity Control</a> for more information.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> Windows CoreMessaging Microsoft Yes CVE-2024-21417 Missing Authorization 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .wim file</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-28899 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows NTLM Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> Windows NTLM Microsoft Yes CVE-2024-30081 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11568 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11569 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11571 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11572 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11923 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11924 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12243 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 12244 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10729 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10735 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10852 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10853 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10816 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10855 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9312 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10287 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9318 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 9344 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10051 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10049 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10378 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10379 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10483 7.1 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/bohops">Jimmy Bayne</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> .NET and Visual Studio Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit this by closing an http/3 stream while the request body is being processed leading to a race condition. This could result in remote code execution.</p> <p><strong>.NET 6.0 was added to the Security Updates table on October 31, 2024 because it is also affected by this vulnerability. Why are the Download and Article links missing for .NET 6.0?</strong></p> <p>HTTP/3 support was only experimental in .NET 6.0. If you are using .NET 6 you must update your application to .NET 8 to be protected. Experimental features will not be patched if a later runtime includes the feature as non-experimental.</p> .NET and Visual Studio Microsoft Yes CVE-2024-35264 Use After Free 12009 12260 12129 12271 12322 12187 Remote Code Execution 12009 Remote Code Execution 12260 Remote Code Execution 12129 Remote Code Execution 12271 Remote Code Execution 12322 Remote Code Execution 12187 Important 12009 Important 12260 Important 12129 Important 12271 Important 12322 Important 12187 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12260 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 5041081 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.7 https://support.microsoft.com/help/5041081 12260 5041081 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.21 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Radek Zikmund of Microsoft Corporation 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows iSCSI Service Denial of Service Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows iSCSI Microsoft Yes CVE-2024-35270 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.3 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-38088 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-38087 Double Free 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21332 Use After Free 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21333 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21335 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21373 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21398 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21414 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21415 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21428 Integer Overflow or Wraparound 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37318 Heap-based Buffer Overflow 12355 12354 11478 11821 12048 12053 12145 12147 Remote Code Execution 12355 Remote Code Execution 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Important 12355 Important 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37332 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 <a href="https://twitter.com/guhe120">Yuki Chen</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37331 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37969 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37970 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37974 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37981 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>Why does this CVE indicate that the vulnerability has been publicly disclosed?</strong></p> <p>This underlying vulnerability is due to an issue in the microarchitecture of certain ARM-based cores. Microsoft issued this CVE to document the Windows updates that address this underlying problem. This update mitigates against this vulnerability.</p> <p>For more information on this public disclosure, please see: <a href="https://developer.arm.com/Arm%20Security%20Center/Prefetcher%20Side%20Channels">Prefetcher Side Channels: Armv8 Security Bulletin</a>.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p> Intel Microsoft Yes CVE-2024-37985 Processor Optimization Removal or Modification of Security-critical Code 12085 12242 Information Disclosure 12085 Information Disclosure 12242 Important 12085 Important 12242 Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.9 5.2 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12242 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 5040442 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-09-17T07:00:00 <p>Updated CNA for this CVE to Microsoft and updated the FAQ. This is an informational update only.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> Windows Secure Boot Microsoft Yes CVE-2024-37986 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37987 Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Server Backup Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker would be able to delete any system files.</p> Windows Server Backup Microsoft Yes CVE-2024-38013 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.7 5.8 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 3wyeye5 with OSR 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Remote Desktop Microsoft Yes CVE-2024-38015 Uncontrolled Resource Consumption 11571 11572 11923 11924 12244 10816 10855 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/edwardzpeng">Lewis Lee &amp; Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-07-11T07:00:00 <p>Updated acknowledgment. This is an informational change only.</p> Windows Image Acquisition Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to win a race condition.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Image Acquisition Microsoft Yes CVE-2024-38022 Improper Link Resolution Before File Access ('Link Following') 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/crispr56338851">BochengXiang(@Crispr)</a> with <a href="https://secsys.fudan.edu.cn/">FDU</a> goodbyeselene 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.</p> <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-38023 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Critical 10950 Critical 11585 Critical 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002618 https://www.microsoft.com/download/details.aspx?familyid=92f58fc5-c39d-4a25-bea5-ddee233c734c 5002604 10950 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002618 10950 5002618 5002618 https://support.microsoft.com/help/5002618 10950 5002615 https://www.microsoft.com/download/details.aspx?familyid=a981cd4e-a4a7-4b75-85c3-6708c75ec97e 5002602 11585 Maybe Security Update 16.0.10412.20001 https://support.microsoft.com/help/5002615 11585 5002615 5002615 https://support.microsoft.com/help/5002615 11585 5002606 https://www.microsoft.com/download/details.aspx?familyid=79a55ec9-bad3-44c2-bd0e-843f637f43a7 5002603 11961 Maybe Security Update 16.0.17328.20424 https://support.microsoft.com/help/5002606 11961 5002606 <a href="https://github.com/zcgonvh">zcgonvh</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-38024 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002618 https://www.microsoft.com/download/details.aspx?familyid=92f58fc5-c39d-4a25-bea5-ddee233c734c 5002604 10950 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002618 10950 5002618 5002618 https://support.microsoft.com/help/5002618 10950 5002615 https://www.microsoft.com/download/details.aspx?familyid=a981cd4e-a4a7-4b75-85c3-6708c75ec97e 5002602 11585 Maybe Security Update 16.0.10412.20001 https://support.microsoft.com/help/5002615 11585 5002615 5002615 https://support.microsoft.com/help/5002615 11585 5002606 https://www.microsoft.com/download/details.aspx?familyid=79a55ec9-bad3-44c2-bd0e-843f637f43a7 5002603 11961 Maybe Security Update 16.0.17328.20424 https://support.microsoft.com/help/5002606 11961 5002606 <a href="https://github.com/zcgonvh">zcgonvh</a> Guy Lederfein of Trend Micro cjm00n of Cyber Kunlun & Zhiniang Peng 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.</p> Windows Performance Monitor Microsoft Yes CVE-2024-38025 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 QingHe Xie FangMing Gu 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Filtering Platform Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows Filtering Microsoft Yes CVE-2024-38034 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 go2bed 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Kernel Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker.</p> Windows Kernel Microsoft Yes CVE-2024-38041 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://twitter.com/tacbliw">Le Tran Hai Tung</a> with <a href="https://viettelcybersecurity.com/">Viettel Cyber Security</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> PowerShell Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.</p> Windows PowerShell Microsoft Yes CVE-2024-38043 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://twitter.com/bohops">Jimmy Bayne</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Github: CVE-2024-38517 TenCent RapidJSON Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in RapidJSON library which is consumed by Microsoft Active Directory Rights Management Services Client. The CVE for this open source component, which is used in a Microsoft product, is assigned by GitHub CNA.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> Active Directory Rights Management Services GitHub Yes CVE-2024-38517 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11926 Moderate 11927 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Graphics Component Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> Microsoft Graphics Component Microsoft Yes CVE-2024-38051 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38054 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Codecs Library Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of certain kernel memory content.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2024-38055 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Codecs Library Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Microsoft Windows Codecs Library Microsoft Yes CVE-2024-38056 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 5.5 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - ICOMP Microsoft Yes CVE-2024-38059 Use After Free 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 <a href="https://twitter.com/hillstone_lab">Zhang WangJunJie, He YiSheng</a> with <a href="https://www.hillstonenet.com.cn/">Hillstone Network Security Research Institute</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Imaging Component Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker could exploit the vulnerability by uploading a malicious TIFF file to a server.</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p> Windows Imaging Component Microsoft Yes CVE-2024-38060 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11568 Critical 11569 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 11926 Critical 11927 Critical 11929 Critical 11930 Critical 11931 Critical 12085 Critical 12086 Critical 12097 Critical 12098 Critical 12099 Critical 12242 Critical 12243 Critical 12244 Critical 10729 Critical 10735 Critical 10852 Critical 10853 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 George Holmes with <a href="https://www.microsoft.com/">Microsoft</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain domain administrator privileges.</p> Role: Active Directory Certificate Services; Active Directory Domain Services Microsoft Yes CVE-2024-38061 Improper Access Control 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <p>The following mitigating factors might be helpful in your situation:</p> <p>Setting LegacyAuthenticationLevel - Win32 apps | Microsoft Docs to 5= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY might protect most processes on the machine against this attack. Note that COM does not currently have a notion of minimum authentication level if authenticated, for example it is not possible to accept calls at RPC_C_AUTHN_LEVEL_NONE or &gt;= RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (server-side concern, but mentioning for completeness as it limits configuration-based options), nor is there a way to set the client-side authentication level for a process independent of the server-side authentication level. See <a href="https://learn.microsoft.com/en-us/windows/win32/com/legacyauthenticationlevel">LegacyAuthenticationLevel</a> for more information about this value.</p> <p>For information on how to set the applicable system-wide registry value see the <strong>Setting System-Wide Default Authentication Level</strong> section of <a href="https://learn.microsoft.com/en-us/windows/win32/com/setting-machine-wide-security-using-dcomcnfg?source=recommendations#setting-system-wide-default-authentication-level">Setting System-Wide Security Using DCOMCNFG</a>.</p> <a href="https://twitter.com/d1iv3">Tianze Ding (@D1iv3)</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-07-18T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> Windows Kernel-Mode Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Kernel-Mode Drivers Microsoft Yes CVE-2024-38062 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://blog.talosintelligence.com/">Philippe Laulheret</a> with <a href="https://www.talosintelligence.com/vulnerability_reports">Cisco Talos</a> Philippe Laulheret of Cisco Talos 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows TCP/IP Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows TCP/IP Microsoft Yes CVE-2024-38064 Use of Uninitialized Resource 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38071 Buffer Over-read 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38072 NULL Pointer Dereference 11571 11572 11923 11924 12244 10816 10855 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability <p><strong>How would an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38077 Heap-based Buffer Overflow 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12244 Critical 10816 Critical 10855 Critical 9312 Critical 10287 Critical 9318 Critical 9344 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigation</a> may be helpful in your situation.</p> <p>In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled:</p> <p><strong>1. Disable Remote Desktop Licensing Service if is not required.</strong></p> <p>If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.</p> <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Hyper-V Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Role: Windows Hyper-V Microsoft Yes CVE-2024-38080 Integer Overflow or Wraparound 11923 11924 11926 11927 12085 12086 12242 12243 12244 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32 Kernel Subsystem Microsoft Yes CVE-2024-38085 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Azure Kinect SDK Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?</strong></p> <p>An attacker needs physical access to the target computer to plug in a malicious USB drive.</p> Azure Kinect SDK Microsoft Yes CVE-2024-38086 Numeric Truncation Error 12358 Remote Code Execution 12358 Important 12358 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.4 5.6 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12358 Release Notes https://github.com/microsoft/Azure-Kinect-Sensor-SDK/blob/develop/docs/usage.md#installation 12358 Maybe Security Update 1.4.2 https://github.com/microsoft/Azure-Kinect-Sensor-SDK/releases/tag/v1.4.2 12358 Release Notes <a href="https://twitter.com/vv474172261">VictorV(Tang tianwen)</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft WS-Discovery Denial of Service Vulnerability Microsoft WS-Discovery Microsoft Yes CVE-2024-38091 Improper Handling of Missing Special Element 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows File Explorer Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows COM Session Microsoft Yes CVE-2024-38100 Improper Access Control 11571 11572 11923 11924 12244 10816 10855 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 12244 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 <a href="https://twitter.com/decoder_it">Andrea Pierini</a> with <a href="https://www.semperis.com/">Semperis</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-38102 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Fax Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An authenticated attacker with normal user privileges that has already compromised a fax server, to which the victim is connected, can exploit this vulnerability to execute arbitrary code on the victim machine.</p> Windows Fax and Scan Service Microsoft Yes CVE-2024-38104 Untrusted Pointer Dereference 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factor</a> might be helpful in your situation:</p> <p>To be exploitable by this vulnerability the Windows Fax Service has to be installed and configured. If Windows Fax Service is enabled, consider disabling it until you have installed this update that addresses this vulnerability.</p> <a href="https://twitter.com/lm0963">lm0963</a> with <a href="https://twitter.com/tiangonglab">TianGongLab of Legendsec at QI-ANXIN Group</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows MSHTML Platform Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to send the victim a malicious file that the victim would have to execute.</p> Windows MSHTML Platform Microsoft Yes CVE-2024-38112 User Interface (UI) Misrepresentation of Critical Information 12097 12243 10729 12085 10735 10852 10853 10816 11929 10855 9312 10287 9318 9344 11569 12098 10483 12242 12099 10543 11930 11924 12244 11572 11927 11926 11923 11931 12086 11571 11568 Spoofing 12097 Spoofing 12243 Spoofing 10729 Spoofing 12085 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 11929 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 11569 Spoofing 12098 Spoofing 10483 Spoofing 12242 Spoofing 12099 Spoofing 10543 Spoofing 11930 Spoofing 11924 Spoofing 12244 Spoofing 11572 Spoofing 11927 Spoofing 11926 Spoofing 11923 Spoofing 11931 Spoofing 12086 Spoofing 11571 Spoofing 11568 Important 12097 Important 12243 Important 10729 Important 12085 Important 10735 Important 10852 Important 10853 Important 10816 Important 11929 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 11569 Important 12098 Important 10483 Important 12242 Important 12099 Important 10543 Important 11930 Important 11924 Important 12244 Important 11572 Important 11927 Important 11926 Important 11923 Important 11931 Important 12086 Important 11571 Important 11568 Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12097 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12243 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10729 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12085 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10735 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10852 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10853 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10816 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11929 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10855 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9312 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10287 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9318 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 9344 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11569 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12098 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10483 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12242 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12099 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 10543 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11930 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11924 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12244 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11572 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11927 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11926 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11923 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11931 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 12086 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11571 7.5 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 11568 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040427 https://support.microsoft.com/help/5040427 12097 11929 12098 12099 11930 11931 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12243 12242 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12243 12242 5040442 5040442 https://support.microsoft.com/help/5040442 12243 12085 12242 12086 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040426 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040426 5034120 9312 10287 9318 9344 10483 10543 Yes IE Cumulative 1.001 https://support.microsoft.com/help/5040426 9312 10287 9318 9344 10483 10543 5040426 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11569 11572 11571 11568 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11569 11572 11571 11568 5040430 5040430 https://support.microsoft.com/help/5040430 11569 11572 11571 11568 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11924 11923 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11924 11923 5040437 5040437 https://support.microsoft.com/help/5040437 11924 11923 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11927 11926 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11927 11926 5040431 5040431 https://support.microsoft.com/help/5040431 11927 11926 Haifei Li with <a href="https://research.checkpoint.com/">Check Point Research</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-07-12T07:00:00 <p>Updated CWE value. This is an informational change only.</p> Microsoft Dynamics 365 Elevation of Privilege Vulnerability <p>Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> Microsoft Dynamics Microsoft No CVE-2024-38182 Weak Authentication 11727 Elevation of Privilege 11727 Critical 11727 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.0 7.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11727 Cameron Vincent with Microsoft 1.0 2024-07-31T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>How could an attacker successfully exploit this vulnerability?</strong></p> <p>To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install a malicious .bcd file.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-26184 Integer Overflow or Wraparound 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows MultiPoint Services Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires an admin user to stop or restart the service.</p> Windows MultiPoint Services Microsoft Yes CVE-2024-30013 Double Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Server Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, cryptographic nonces, and other sensitive information.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-32987 Server-Side Request Forgery (SSRF) 10950 11585 11961 Information Disclosure 10950 Information Disclosure 11585 Information Disclosure 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10950 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11585 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11961 5002618 https://www.microsoft.com/download/details.aspx?familyid=92f58fc5-c39d-4a25-bea5-ddee233c734c 5002604 10950 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002618 10950 5002618 5002618 https://support.microsoft.com/help/5002618 10950 5002615 https://www.microsoft.com/download/details.aspx?familyid=a981cd4e-a4a7-4b75-85c3-6708c75ec97e 5002602 11585 Maybe Security Update 16.0.10412.20001 https://support.microsoft.com/help/5002615 11585 5002615 5002615 https://support.microsoft.com/help/5002615 11585 5002606 https://www.microsoft.com/download/details.aspx?familyid=79a55ec9-bad3-44c2-bd0e-843f637f43a7 5002603 11961 Maybe Security Update 16.0.17328.20424 https://support.microsoft.com/help/5002606 11961 5002606 <a href="https://twitter.com/_l0gg">khoadha</a> with <a href="https://viettelcybersecurity.com/">vcslab from Viettel Cyber Security</a> 1.1 2024-07-16T07:00:00 <p>Added acknowledgements. This is an informational change only.</p> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2024-30071 Buffer Over-read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12244 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 4.7 4.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Access Connection Manager Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Remote Access Connection Manager Microsoft Yes CVE-2024-30079 Buffer Over-read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/ecthr0s">George Hughey</a> with MSRC Vulnerabilities &amp; Mitigations 1.0 2024-07-09T07:00:00 <p>Information published.</p> CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability <p><strong>Why is this CERT/CC CVE included in the Security Update Guide?</strong></p> <p>A vulnerability exists in the RADIUS protocol that potentially affects many products and implementations of the RFC 2865 in the UDP version of the RADIUS protocol. In brief, RADIUS protocol (RFC 2865) is susceptible to forgery attacks that can modify Access-Accept or Access-Reject RADIUS response. CERT/CC assigned a CVE ID for this vulnerability which all vendors are using for their affected products.</p> <p>Please see <a href="https://support.microsoft.com/help/5040268">KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596</a> for information on additional steps that should be done to protect your environment from this vulnerability.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.</p> NPS RADIUS Server CERT/CC Yes CVE-2024-3596 Use of a Broken or Risky Cryptographic Algorithm 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 12244 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 9312 Spoofing 10287 Spoofing 9318 Spoofing 9344 Spoofing 10051 Spoofing 10049 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 [info needed] 1.0 2024-07-09T07:00:00 <p>Information published.</p> Azure Network Watcher VM Extension Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> <p><strong>Is there any action I need to take to be protected from this vulnerability?</strong></p> <p>If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually.</p> <p>Please see <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows">Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn</a> for more information.</p> Azure Network Watcher Microsoft Yes CVE-2024-35261 Improper Link Resolution Before File Access ('Link Following') 12359 Elevation of Privilege 12359 Important 12359 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 7.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12359 Release Notes https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows 12359 Maybe Security Update 1.4.3320.1 https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-update?tabs=windows 12359 Release Notes R4nger &amp; Zhiniang Peng 1.0 2024-07-09T07:00:00 <p>Information published.</p> Azure DevOps Server Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker must send the user a malicious file and convince the user to open it.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the server (Availability).</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers using Azure DevOps 2022.1 must update to Azure DevOps Server 2022.2 released on 09 July, 2024 to be protected. For more information on this recent Azure DevOps release, see here: <a href="https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops">Azure DevOps Server 2022 Update 2 Release Notes</a>.</p> <p><strong>Im having trouble downloading the update linked in the Security Updates table, what should I do?</strong></p> <p>The link in the Security Updates table has been fixed and customers should retry downloading if it previously failed. This was due to Azure DevOps re-releasing <a href="https://go.microsoft.com/fwlink/?LinkId=2269844">Azure DevOps Server 2022.2</a> to fix a technical issue.</p> <p>Customers who installed the version of Azure DevOps Server 2022.2 released on July 9, can install <a href="https://aka.ms/devops2022.2patch1">Patch 1 for Azure DevOps Server 2022.2</a>. Patch 1 is not required if you are installing <a href="https://go.microsoft.com/fwlink/?LinkId=2269844">Azure DevOps Server 2022.2</a> for the first time since the download links were updated to include the fix.</p> <p>For more information reference the Azure DevOps Server 2022.2 Release Notes here: <a href="https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops#azure-devops-server-20222-rtw-release-date-july-9-2024">Azure DevOps Server 2022.2 RTW Release Date: July 9, 2024</a>.</p> Azure DevOps Microsoft Yes CVE-2024-35266 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12270 Spoofing 12270 Important 12270 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 12270 Release Notes https://go.microsoft.com/fwlink/?LinkId=2269844 12270 Maybe Security Update 20240702.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops 12270 Release Notes Felix Boulet 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-10-14T07:00:00 <p>Corrected Download links in the Security Updates table and added an FAQ. This is an informational change only.</p> Azure DevOps Server Spoofing Vulnerability <p><strong>According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?</strong></p> <p>The word <strong>Remote</strong> in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.</p> <p>For example, when the score indicates that the <strong>Attack Vector</strong> is <strong>Local</strong> and <strong>User Interaction</strong> is <strong>Required</strong>, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.</p> <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the server (Availability).</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Customers using Azure DevOps 2022.1 must update to Azure DevOps Server 2022.2 released on 09 July, 2024 to be protected. For more information on this recent Azure DevOps release, see here: <a href="https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops">Azure DevOps Server 2022 Update 2 Release Notes</a>.</p> Azure DevOps Microsoft Yes CVE-2024-35267 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 12270 Spoofing 12270 Important 12270 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.6 6.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C 12270 Release Notes https://go.microsoft.com/fwlink/?LinkId=2269844 12270 Maybe Security Update 20240702.1 https://learn.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2022u2?view=azure-devops 12270 Release Notes Felix Boulet 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-35271 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-35272 Heap-based Buffer Overflow 11600 11935 12187 12271 12322 12404 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11600 Remote Code Execution 11935 Remote Code Execution 12187 Remote Code Execution 12271 Remote Code Execution 12322 Remote Code Execution 12404 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11600 Important 11935 Important 12187 Important 12271 Important 12322 Important 12404 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11600 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11935 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12322 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12404 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 Release Notes http://aka.ms/vs/15/release/latest 11600 Maybe Security Update 15.9.66 https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes 11600 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.11 11935 Maybe Security Update 16.11.40 https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.11 11935 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.19 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.14 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.7 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.11 12404 Maybe Security Update 17.11.3 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12404 Release Notes 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 <a href="https://twitter.com/guhe120">Yuki Chen</a> Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> 2.0 2024-09-10T07:00:00 <p>In the Security Updates table, added Visual Studio 2017 version 15.9, Visual Studio 2019 version 16.11, and Visual Studio 2022 versions 17.6, 17.8, 17.10, and 17.11 as they are also affected by this vulnerability.</p> <p>Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> 2.1 2024-09-13T07:00:00 <p>Corrected Build Numbers in the Security Updates table. This is an informational change only.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-20701 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21303 Use After Free 12354 12355 11478 11821 12048 12053 12145 12147 Remote Code Execution 12354 Remote Code Execution 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Important 12354 Important 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21308 Use After Free 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21317 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21331 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21425 Heap-based Buffer Overflow 12355 12354 11478 11821 12048 12053 12145 12147 Remote Code Execution 12355 Remote Code Execution 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Important 12355 Important 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37319 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37320 Use After Free 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37321 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37322 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37323 Integer Overflow or Wraparound 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37324 Heap-based Buffer Overflow 12354 12355 11478 11821 12048 12053 12145 12147 Remote Code Execution 12354 Remote Code Execution 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Important 12354 Important 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-21449 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37326 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37327 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37328 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37329 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37330 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37334 Heap-based Buffer Overflow 11821 12147 12180 12181 12354 12355 Remote Code Execution 11821 Remote Code Execution 12147 Remote Code Execution 12180 Remote Code Execution 12181 Remote Code Execution 12354 Remote Code Execution 12355 Important 11821 Important 12147 Important 12180 Important 12181 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12180 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12181 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040712 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1935 12180 Maybe Security Update 19.3.0005.0 https://support.microsoft.com/help/5040712 12180 5040712 5040711 https://learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1874 12181 Maybe Security Update 18.7.0004.0 https://support.microsoft.com/help/5040711 12181 5040711 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37333 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12355 12354 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12355 Remote Code Execution 12354 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12355 Important 12354 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 <a href="https://twitter.com/guhe120">Yuki Chen</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-37336 Integer Overflow or Wraparound 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 <a href="https://twitter.com/guhe120">Yuki Chen</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-28928 Stack-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.</p> <p><strong>I am running SQL Server on my system. What action do I need to take?</strong></p> <p>Update your relevant version of SQL Server. Any applicable driver fixes are included in those updates.</p> <p><strong>I am running my own application on my system. What action do I need to take?</strong></p> <p>Update your application to use Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed on this page, which provide protection against this vulnerability.</p> <p><strong>I am running an application from a software vendor on my system. What action do I need to take?</strong></p> <p>Consult with your application vendor if it is compatible with Microsoft OLE DB Driver 18 or 19. Update the drivers to the versions listed in this page, which provide protection against this vulnerability</p> <p><strong>There are GDR and/or CU (Cumulative Update) updates offered for my version of SQL Server. How do I know which update to use?</strong></p> <ul> <li>First, determine your SQL Server version number. For more information on determining your SQL Server version number, see <a href="https://learn.microsoft.com/en-us/troubleshoot/sql/releases/download-and-install-latest-updates">Microsoft Knowledge Base Article 321185</a> - How to determine the version, edition, and update level of SQL Server and its components.</li> <li>Second, in the table below, locate your version number or the version range that your version number falls within. The corresponding update is the one you need to install.</li> </ul> <p><strong>Note</strong> If your SQL Server version number is not represented in the table below, your SQL Server version is no longer supported. Please upgrade to the latest Service Pack or SQL Server product in order to apply this and future security updates.</p> <table> <thead> <tr> <th>Update Number</th> <th>Title</th> <th>Apply if current product version is…</th> <th>This security update also includes servicing releases up through…</th> </tr> </thead> <tbody> <tr> <td>5040939</td> <td>Security update for SQL Server 2022 CU13+GDR</td> <td>16.0.4003.1 - 16.0.4125.3</td> <td>KB 5036432 - SQL2022 RTM CU13</td> </tr> <tr> <td>5040936</td> <td>Security update for SQL Server 2022 RTM+GDR</td> <td>16.0.1000.6 - 16.0.1115.1</td> <td>KB 5035432 - Previous SQL2022 RTM GDR</td> </tr> <tr> <td>5040948</td> <td>Security update for SQL Server 2019 CU27+GDR</td> <td>15.0.4003.23 - 15.0.4375.4</td> <td>KB 5037331 - SQL2019 RTM CU27</td> </tr> <tr> <td>5040986</td> <td>Security update for SQL Server 2019 RTM+GDR</td> <td>15.0.2000.5 - 15.0.2110.4</td> <td>KB 5035434 - Previous SQL2019 RTM GDR</td> </tr> <tr> <td>5040940</td> <td>Security update for SQL Server 2017 CU31+GDR</td> <td>14.0.3006.16 - 14.0.3465.1</td> <td>KB 5029376 - SQL2017 RTM CU31</td> </tr> <tr> <td>5040942</td> <td>Security update for SQL Server 2017 RTM+GDR</td> <td>14.0.1000.169 - 14.0.2052.1</td> <td>KB 5029375 - Previous SQL2017 RTM GDR</td> </tr> <tr> <td>5040944</td> <td>Security update for SQL 2016 Azure Connect Feature Pack</td> <td>13.0.7000.253 - 13.0.7029.3</td> <td>KB 5029187 - SQL2016 Azure Connect Feature Pack</td> </tr> <tr> <td>5040946</td> <td>Security update for SQL Server 2016RTM+GDR</td> <td>13.0.6300.2 - 13.0.6435.1</td> <td>KB 5029186 - Previous SQL2016 RTM GDR</td> </tr> </tbody> </table> <p><strong>What are the GDR and CU update designations and how do they differ?</strong></p> <p>The General Distribution Release (GDR) and Cumulative Update (CU) designations correspond to the two different servicing options in place for SQL Server baseline releases. A baseline can be either an RTM release or a Service Pack release.</p> <ul> <li>GDR updates – cumulatively only contain security updates for the given baseline.</li> <li>CU updates – cumulatively contain all functional fixes and security updates for the given baseline.</li> </ul> <p>For any given baseline, either the GDR or CU updates could be options (see below).</p> <ul> <li>If SQL Server installation is at a baseline version, you can choose either the GDR or CU update.</li> <li>If SQL Server installation has intentionally only installed past GDR updates, then choose to install the GDR update package.</li> <li>If SQL Server installation has intentionally installed previous CU updates, then chose to install the CU security update package.</li> </ul> <p><strong>Note:</strong> You are allowed to make a change from GDR updates to CU updates ONE TIME. Once a SQL Server CU update is applied to a SQL Server installation, there is NO way to go back to the GDR update path.</p> <p><strong>Can the security updates be applied to SQL Server instances on Windows Azure (IaaS)?</strong></p> <p>Yes. SQL Server instances on Windows Azure (IaaS) can be offered the security updates through Microsoft Update, or customers can download the security updates from Microsoft Download Center and apply them manually.</p> SQL Server Microsoft Yes CVE-2024-35256 Heap-based Buffer Overflow 11478 11821 12048 12053 12145 12147 12354 12355 Remote Code Execution 11478 Remote Code Execution 11821 Remote Code Execution 12048 Remote Code Execution 12053 Remote Code Execution 12145 Remote Code Execution 12147 Remote Code Execution 12354 Remote Code Execution 12355 Important 11478 Important 11821 Important 12048 Important 12053 Important 12145 Important 12147 Important 12354 Important 12355 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11478 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11821 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12048 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12053 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12145 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12147 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12354 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12355 5040942 https://www.microsoft.com/download/details.aspx?familyid=2969833a-66eb-46f9-a63b-fed652d29e55 11478 Maybe Security Update 14.0.2056.2 https://support.microsoft.com/help/5040942 11478 5040942 5040986 https://www.microsoft.com/download/details.aspx?familyid=54e6afd1-d83d-4542-8aae-6d4cd8a53a78 11821 Yes Security Update 15.0.2116.2 https://support.microsoft.com/help/5040986 11821 5040986 5040946 https://www.microsoft.com/download/details.aspx?familyid=5df9fdcd-6063-4709-8a46-d6e62ce83660 12048 Maybe Security Update 13.0.6441.1 https://support.microsoft.com/help/5040946 12048 5040946 5040944 https://www.microsoft.com/download/details.aspx?familyid=e24660af-2544-4d08-a639-fd5dc1d04292 12053 Maybe Security Update 13.0.7037.1 https://support.microsoft.com/help/5040944 12053 5040944 5040940 https://www.microsoft.com/download/details.aspx?familyid=aa8cdbcf-6dec-4876-864c-55193525d190 12145 Maybe Security Update 14.0.3471.2 https://support.microsoft.com/help/5040940 12145 5040940 5040936 https://www.microsoft.com/download/details.aspx?familyid=7aa8e5e5-86f3-45d9-a539-af03e1ea1f63 12147 Yes Security Update 16.0.1121.4 https://support.microsoft.com/help/5040936 12147 5040936 5040939 https://www.microsoft.com/download/details.aspx?familyid=8c3fdef0-6b0d-4a72-8438-d91f6d23b685 12354 Yes Security Update 16.0.4131.2 https://support.microsoft.com/help/5040939 12354 5040939 5040948 https://www.microsoft.com/download/details.aspx?familyid=1eb429b7-b226-4364-ad7c-405d30b37d1b 12355 Yes Security Update 15.0.4382.1 https://support.microsoft.com/help/5040948 12355 5040948 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37971 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> Windows Secure Boot Microsoft Yes CVE-2024-37972 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37973 Uncontrolled Recursion 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.1 2024-07-31T07:00:00 <p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37975 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37977 Heap-based Buffer Overflow 11923 11924 11926 11927 12085 12086 12242 12243 12244 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 11923 Important 11924 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37978 Stack-based Buffer Overflow 12085 12086 12242 12243 12244 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Important 12085 Important 12086 Important 12242 Important 12243 Important 12244 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-37984 Stack-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.4 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Maxim Suhanov (MTS RED, dfir.ru) 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37988 Improper Handling of Length Parameter Inconsistency 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-37989 Improper Handling of Length Parameter Inconsistency 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-38010 Improper Handling of Length Parameter Inconsistency 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?</strong></p> <p>An unauthorized attacker must wait for a user to initiate a connection.</p> Windows Secure Boot Microsoft Yes CVE-2024-38011 Improper Handling of Length Parameter Inconsistency 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.0 7.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/4zure9">Azure Yang</a> with <a href="http://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Message Queuing Information Disclosure Vulnerability <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.</p> Windows Message Queuing Microsoft Yes CVE-2024-38017 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Information Disclosure 11568 Information Disclosure 11569 Information Disclosure 11571 Information Disclosure 11572 Information Disclosure 11923 Information Disclosure 11924 Information Disclosure 11926 Information Disclosure 11927 Information Disclosure 11929 Information Disclosure 11930 Information Disclosure 11931 Information Disclosure 12085 Information Disclosure 12086 Information Disclosure 12097 Information Disclosure 12098 Information Disclosure 12099 Information Disclosure 12242 Information Disclosure 12243 Information Disclosure 12244 Information Disclosure 10729 Information Disclosure 10735 Information Disclosure 10852 Information Disclosure 10853 Information Disclosure 10816 Information Disclosure 10855 Information Disclosure 9312 Information Disclosure 10287 Information Disclosure 9318 Information Disclosure 9344 Information Disclosure 10051 Information Disclosure 10049 Information Disclosure 10378 Information Disclosure 10379 Information Disclosure 10483 Information Disclosure 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11568 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11569 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11571 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11572 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11923 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11924 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11926 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11927 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11929 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11930 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 11931 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12085 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12086 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12097 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12098 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12099 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12242 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12243 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 12244 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10729 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10735 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10852 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10853 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10816 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10855 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9312 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10287 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9318 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 9344 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10051 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10049 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10378 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10379 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10483 5.5 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 cdpython with <a href="https://alpinelab.io/">AlpineLab</a> 9oat with <a href="https://alpinelab.io/">AlpineLab</a> <a href="https://g3un.com/">g3un</a> with <a href="https://alpinelab.io/">AlpineLab</a> cdpython, 9oat and <a href="https://g3un.com/">g3un</a> with <a href="https://alpinelab.io/">AlpineLab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.</p> <p>Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.</p> Windows Performance Monitor Microsoft Yes CVE-2024-38019 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/afang5472">Fangming Gu</a> <a href="https://github.com/q1ngh3/">Qinghe Xie</a> Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Outlook Spoofing Vulnerability <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file.</p> <ul> <li>In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.</li> <li>In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.</li> </ul> <p>An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.</p> <p><strong>What type of information could be disclosed by this vulnerability?</strong></p> <p>Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p> Microsoft Office Outlook Microsoft Yes CVE-2024-38020 Exposure of Sensitive Information to an Unauthorized Actor 11573 11574 11762 11763 11952 11953 10753 10754 10765 10766 Spoofing 11573 Spoofing 11574 Spoofing 11762 Spoofing 11763 Spoofing 11952 Spoofing 11953 Spoofing 10753 Spoofing 10754 Spoofing 10765 Spoofing 10766 Moderate 11573 Moderate 11574 Moderate 11762 Moderate 11763 Moderate 11952 Moderate 11953 Moderate 10753 Moderate 10754 Moderate 10765 Moderate 10766 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11573 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11574 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11762 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11763 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11952 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11953 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10753 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10754 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10765 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10766 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002620 https://www.microsoft.com/download/details.aspx?familyid=551537f5-7e16-48b5-85ca-c404e2ba169b 5002591 10753 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002620 10753 5002620 5002620 https://www.microsoft.com/download/details.aspx?familyid=1b291f85-2c27-4070-8e56-9db69327be97 5002591 10754 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002620 10754 5002620 5002621 https://www.microsoft.com/download/details.aspx?familyid=f6f213d7-e748-4a82-b0d4-691a7ce940fb 5002600 10765 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002621 10765 5002621 5002621 https://www.microsoft.com/download/details.aspx?familyid=1d894e24-55db-497b-8932-486c669e3a54 5002600 10766 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002621 10766 5002621 <a href="https://jimsrush/">JimSRush</a> with <a href="https://privsec.nz/">PrivSec Consulting</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Outlook Remote Code Execution Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?</strong></p> <p>This attack requires a user to allow blocked content sent from an external attacker to initiate remote code execution.</p> <p><strong>Is the Preview Pane an attack vector for this vulnerability?</strong></p> <p>No, the Preview Pane is not an attack vector.</p> <p><strong>How could the attacker exploit this vulnerability?</strong></p> <p>An attacker could craft a malicious link that bypasses the Protected View Protocol, which could lead remote code execution (RCE).</p> Microsoft Office Microsoft Yes CVE-2024-38021 Improper Input Validation 11573 11574 11762 11763 11952 11953 10753 10754 Remote Code Execution 11573 Remote Code Execution 11574 Remote Code Execution 11762 Remote Code Execution 11763 Remote Code Execution 11952 Remote Code Execution 11953 Remote Code Execution 10753 Remote Code Execution 10754 Important 11573 Important 11574 Important 11762 Important 11763 Important 11952 Important 11953 Important 10753 Important 10754 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11573 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11574 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11762 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11763 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11952 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11953 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10753 8.8 7.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10754 Click to Run 11573 11574 11762 11763 11952 11953 No Security Update https://aka.ms/OfficeSecurityReleases https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates 11573 11574 11762 11763 11952 11953 Click to Run 5002620 https://www.microsoft.com/download/details.aspx?familyid=551537f5-7e16-48b5-85ca-c404e2ba169b 5002591 10753 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002620 10753 5002620 5002620 https://www.microsoft.com/download/details.aspx?familyid=1b291f85-2c27-4070-8e56-9db69327be97 5002591 10754 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002620 10754 5002620 <a href="https://x.com/osipov_ar">Arnold Osipov</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://www.linkedin.com/in/shmuel-uzan-aa21ab158/">Shmuel Uzan</a> with <a href="https://www.morphisec.com/">Morphisec</a> <a href="https://www.linkedin.com/in/smgoreli/">Michael Gorelik</a> with <a href="https://www.morphisec.com/">Morphisec</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-07-10T07:00:00 <p>Corrected CVE title. This is an informational change only.</p> Windows Line Printer Daemon Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An unauthenticated attacker with LAN access could exploit this vulnerability.</p> Line Printer Daemon Service (LPD) Microsoft Yes CVE-2024-38027 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Anonymous bobo and bee13oy with <a href="https://www.cyberkl.com/">Cyber Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.</p> Windows Performance Monitor Microsoft Yes CVE-2024-38028 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 QingHe Xie and FangMing Gu 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Themes Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file.</p> Windows Themes Microsoft Yes CVE-2024-38030 Exposure of Sensitive Information to an Unauthorized Actor 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Spoofing 11568 Spoofing 11569 Spoofing 11571 Spoofing 11572 Spoofing 11923 Spoofing 11924 Spoofing 11926 Spoofing 11927 Spoofing 11929 Spoofing 11930 Spoofing 11931 Spoofing 12085 Spoofing 12086 Spoofing 12097 Spoofing 12098 Spoofing 12099 Spoofing 12242 Spoofing 12243 Spoofing 10729 Spoofing 10735 Spoofing 10852 Spoofing 10853 Spoofing 10816 Spoofing 10855 Spoofing 10378 Spoofing 10379 Spoofing 10483 Spoofing 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <p>Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:</p> <ul> <li><p>Systems that have disabled NTLM are not affected.</p> </li> <li><p>Apply the existing group policy to block NTLM hash. With this policy enabled, this issue for a remote SMB location client or server can be mitigated. To enable the policy: Select <strong>Computer Configuration</strong> &gt; <strong>Windows Settings</strong> &gt; ** Security Settings** &gt; <strong>Local Policies</strong> &gt; <strong>Security Options</strong>. On the right pane, double-click the Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers policy per the options listed below in the Network security: <strong>Restrict NTLM: Outgoing NTLM traffic to remote servers</strong> documentation.</p> </li> </ul> <p><strong>References</strong>:</p> <ul> <li>For customers running Windows Server 2008 or 2008 R2: <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd560653(v=ws.10)">Introducing the Restriction of NTLM Authentication</a></li> <li>For customers running Windows 7 or 2008 R2: <a href="https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/ntlm-blocking-and-you-application-analysis-and-auditing/ba-p/397191">NTLM Blocking and You</a></li> <li>For customers running Windows 10 or 11: Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers">Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication</a></li> </ul> Tomer Peled with <a href="http://www.akamai.com/">Akamai</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Microsoft Yes CVE-2024-38031 Uncontrolled Resource Consumption 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft Xbox Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to obtain special or uncommon hardware.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.</p> XBox Crypto Graphic Services Microsoft Yes CVE-2024-38032 Heap-based Buffer Overflow 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.1 6.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> PowerShell Elevation of Privilege Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.</p> <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain administrator privileges.</p> Windows PowerShell Microsoft Yes CVE-2024-38033 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5048699 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048699 5046697 10378 10379 Yes Monthly Rollup 6.2.9200.25222 https://support.microsoft.com/help/5048699 10378 10379 5048699 5048735 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048735 5046682 10483 10543 Yes Monthly Rollup 6.3.9600.22318 https://support.microsoft.com/help/5048735 10483 10543 5048735 <a href="https://www.linkedin.com/in/tom-norfolk-455829b1/">Tom Norfolk</a> with AJ Bell <a href="https://twitter.com/bohops">Jimmy Bayne</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 2.0 2024-12-10T08:00:00 <p>To comprehensively address CVE-2024-38033, Microsoft released security updates on December 10, 2024 for all affected versions of Windows Server 2012 and Windows Server 2012 R2.</p> <p>Microsoft recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.</p> DHCP Server Service Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated DHCP Server privileges. As is best practice, regular validation and audits of administrative groups should be conducted.</p> Windows DHCP Server Microsoft Yes CVE-2024-38044 Numeric Truncation Error 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2024-07-09T07:00:00 <p>Information published.</p> PowerShell Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could elevate their user privileges from those of a restrained user to an unrestrained WDAC user.</p> Windows PowerShell Microsoft Yes CVE-2024-38047 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10852 10853 10816 10855 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 <a href="https://twitter.com/bohops">Jimmy Bayne</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker could exploit this vulnerability with LAN access.</p> NDIS Microsoft Yes CVE-2024-38048 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> Windows Distributed Transaction Coordinator Microsoft Yes CVE-2024-38049 External Control of File Name or Path 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 9312 Remote Code Execution 10287 Remote Code Execution 9318 Remote Code Execution 9344 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.6 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 wkai with Codesafe Team of Legendsec at QI-ANXIN Group 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Workstation Service Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>If successfully exploited, this vulnerability could case attacker-controlled data on the heap to overwrite critical structures of the service, leading to arbitrary memory write or control flow hijacking, resulting in privilege escalation</p> Windows Workstation Service Microsoft Yes CVE-2024-38050 Integer Underflow (Wrap or Wraparound) 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 A1gxer afang5472 1.0 2024-07-09T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38052 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An unauthenticated attacker could send a malicious networking packet over the ethernet to an adjacent system that is employing a networking adapter, which could enable remote code execution.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-38053 Use After Free 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Remote Code Execution 11568 Remote Code Execution 11569 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 11929 Remote Code Execution 11930 Remote Code Execution 11931 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12097 Remote Code Execution 12098 Remote Code Execution 12099 Remote Code Execution 12242 Remote Code Execution 12243 Remote Code Execution 12244 Remote Code Execution 10729 Remote Code Execution 10735 Remote Code Execution 10852 Remote Code Execution 10853 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 8.8 7.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Microsoft Streaming Service Microsoft Yes CVE-2024-38057 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/scwuaptx">Angelboy (@scwuaptx)</a> with <a href="https://devco.re/">DEVCORE</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> BitLocker Security Feature Bypass Vulnerability <p><strong>Why was the fix for this vulnerability disabled and how can I apply protections to address this issue?</strong></p> <p>When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices. As a result, with the release of the August 2024 security updates we are disabling this fix. Customers who want this protection can apply the mitigations described in <a href="https://support.microsoft.com/help/5025885">KB5025885</a>.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.</p> Windows BitLocker Microsoft Yes CVE-2024-38058 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Bill Demirkapi of Microsoft 1.1 2024-08-13T07:00:00 <p>Added an FAQ to explain that because of firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices, the fix for CVE-2024-38058 has been disabled with the release of the August 2024 security updates. Customers who want to be protected from the vulnerability can apply the mitigations described in <a href="https://support.microsoft.com/help/5025885">KB5025885</a>.</p> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Secure Boot Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass Secure Boot.</p> Windows Secure Boot Microsoft Yes CVE-2024-38065 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 6.8 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Zammis Clark 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Win32k Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> Windows Win32K - GRFX Microsoft Yes CVE-2024-38066 Use After Free 11568 11569 11571 11572 11929 11930 11931 12097 12098 12099 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11929 Important 11930 Important 11931 Important 12097 Important 12098 Important 12099 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Marcin Wiazowski working with Trend Micro Zero Day Initiative 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Microsoft Yes CVE-2024-38067 Uncontrolled Resource Consumption 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability Windows Online Certificate Status Protocol (OCSP) Microsoft Yes CVE-2024-38068 Uncontrolled Resource Consumption 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/keyz3r0">k0shl</a> with <a href="https://www.cyberkl.com/">Kunlun Lab</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Enroll Engine Security Feature Bypass Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass certificate validation during the account enrollment process.</p> Windows Enroll Engine Microsoft Yes CVE-2024-38069 Improper Verification of Cryptographic Signature 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 Izzy Whistlecroft of Microsoft's Security Response Center 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass the execution policy for the Windows LockDown Policy (WLDP) for the WDAC API.</p> Windows LockDown Policy (WLDP) Microsoft Yes CVE-2024-38070 Protection Mechanism Failure 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10378 Security Feature Bypass 10379 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Rajiv Chikine with Microsoft 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?</strong></p> <p>An attacker could impact availability of the service resulting in Denial of Service (DoS).</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38073 Out-of-bounds Read 11571 11572 11923 11924 12244 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 12244 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 12244 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution.</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38074 Integer Underflow (Wrap or Wraparound) 11571 11572 11923 11924 12244 10816 10855 10051 10049 10378 10379 10483 10543 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Remote Code Execution 10051 Remote Code Execution 10049 Remote Code Execution 10378 Remote Code Execution 10379 Remote Code Execution 10483 Remote Code Execution 10543 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12244 Critical 10816 Critical 10855 Critical 10051 Critical 10049 Critical 10378 Critical 10379 Critical 10483 Critical 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigation</a> may be helpful in your situation.</p> <p>In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled:</p> <p><strong>1. Disable Remote Desktop Licensing Service if is not required.</strong></p> <p>If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.</p> <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution.</p> Windows Remote Desktop Microsoft Yes CVE-2024-38076 Heap-based Buffer Overflow 11571 11572 11923 11924 12244 10816 10855 Remote Code Execution 11571 Remote Code Execution 11572 Remote Code Execution 11923 Remote Code Execution 11924 Remote Code Execution 12244 Remote Code Execution 10816 Remote Code Execution 10855 Critical 11571 Critical 11572 Critical 11923 Critical 11924 Critical 12244 Critical 10816 Critical 10855 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 9.8 8.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigation</a> may be helpful in your situation.</p> <p>In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Licensing Service disabled:</p> <p><strong>1. Disable Remote Desktop Licensing Service if is not required.</strong></p> <p>If you no longer need this service on your system, consider disabling it as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.</p> <a href="https://twitter.com/lewislee53">Lewis Lee</a>, <a href="https://twitter.com/ver0759">Chunyang Han</a> and <a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Xbox Wireless Adapter Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?</strong></p> <p>Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.</p> <p><strong>How could an attacker exploit the vulnerability?</strong></p> <p>An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.</p> XBox Crypto Graphic Services Microsoft Yes CVE-2024-38078 Use After Free 11926 11927 12085 12086 12242 12243 Remote Code Execution 11926 Remote Code Execution 11927 Remote Code Execution 12085 Remote Code Execution 12086 Remote Code Execution 12242 Remote Code Execution 12243 Important 11926 Important 11927 Important 12085 Important 12086 Important 12242 Important 12243 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Graphics Component Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.</p> Microsoft Graphics Component Microsoft Yes CVE-2024-38079 Heap-based Buffer Overflow 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>Exploitation of this vulnerability requires that a local user executes the Visual Studio installer</p> <p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p> <p>The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.</p> .NET and Visual Studio Microsoft Yes CVE-2024-38081 Improper Link Resolution Before File Access ('Link Following') 12129 12187 12271 12009 11863-10379 11863-10543 11863-10378 12079-11923 12079-11924 12079-11926 12079-11927 12079-11929 12079-11930 12079-11931 12079-12085 12079-12086 12079-12097 12079-12098 12079-12099 12079-12242 12079-12244 12079-12243 12115-10287 12115-9312 12115-9318 12115-9344 12136-10729 12136-10735 9292-9312 9292-9318 9195-9318 9195-9312 11863-10483 2472-9312 2472-9318 2472-10378 2472-10379 2472-10483 2472-10543 9495-10051 9495-10049 11650-10853 11650-10852 11650-10816 11650-10855 11650-10049 11650-10378 11650-10051 11650-10483 11650-10379 11650-10543 11676-11569 11676-11568 11676-11571 11676-11572 11676-11924 11676-11923 11676-11926 11676-11927 11676-11929 11676-11930 11676-11931 11676-12098 11676-12097 11676-12099 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 11677-10852 11677-10853 11677-10816 11677-10855 11863-10051 11863-10049 Elevation of Privilege 12129 Elevation of Privilege 12187 Elevation of Privilege 12271 Elevation of Privilege 12009 Elevation of Privilege 11863-10379 Elevation of Privilege 11863-10543 Elevation of Privilege 11863-10378 Elevation of Privilege 12079-11923 Elevation of Privilege 12079-11924 Elevation of Privilege 12079-11926 Elevation of Privilege 12079-11927 Elevation of Privilege 12079-11929 Elevation of Privilege 12079-11930 Elevation of Privilege 12079-11931 Elevation of Privilege 12079-12085 Elevation of Privilege 12079-12086 Elevation of Privilege 12079-12097 Elevation of Privilege 12079-12098 Elevation of Privilege 12079-12099 Elevation of Privilege 12079-12242 Elevation of Privilege 12079-12244 Elevation of Privilege 12079-12243 Elevation of Privilege 12115-10287 Elevation of Privilege 12115-9312 Elevation of Privilege 12115-9318 Elevation of Privilege 12115-9344 Elevation of Privilege 12136-10729 Elevation of Privilege 12136-10735 Elevation of Privilege 9292-9312 Elevation of Privilege 9292-9318 Elevation of Privilege 9195-9318 Elevation of Privilege 9195-9312 Elevation of Privilege 11863-10483 Elevation of Privilege 2472-9312 Elevation of Privilege 2472-9318 Elevation of Privilege 2472-10378 Elevation of Privilege 2472-10379 Elevation of Privilege 2472-10483 Elevation of Privilege 2472-10543 Elevation of Privilege 9495-10051 Elevation of Privilege 9495-10049 Elevation of Privilege 11650-10853 Elevation of Privilege 11650-10852 Elevation of Privilege 11650-10816 Elevation of Privilege 11650-10855 Elevation of Privilege 11650-10049 Elevation of Privilege 11650-10378 Elevation of Privilege 11650-10051 Elevation of Privilege 11650-10483 Elevation of Privilege 11650-10379 Elevation of Privilege 11650-10543 Elevation of Privilege 11676-11569 Elevation of Privilege 11676-11568 Elevation of Privilege 11676-11571 Elevation of Privilege 11676-11572 Elevation of Privilege 11676-11924 Elevation of Privilege 11676-11923 Elevation of Privilege 11676-11926 Elevation of Privilege 11676-11927 Elevation of Privilege 11676-11929 Elevation of Privilege 11676-11930 Elevation of Privilege 11676-11931 Elevation of Privilege 11676-12098 Elevation of Privilege 11676-12097 Elevation of Privilege 11676-12099 Elevation of Privilege 11677-11568 Elevation of Privilege 11677-11569 Elevation of Privilege 11677-11570 Elevation of Privilege 11677-11571 Elevation of Privilege 11677-11572 Elevation of Privilege 11677-10852 Elevation of Privilege 11677-10853 Elevation of Privilege 11677-10816 Elevation of Privilege 11677-10855 Elevation of Privilege 11863-10051 Elevation of Privilege 11863-10049 Important 12129 Important 12187 Important 12271 Important 12009 Important 11863-10379 Important 11863-10543 Important 11863-10378 Important 12079-11923 Important 12079-11924 Important 12079-11926 Important 12079-11927 Important 12079-11929 Important 12079-11930 Important 12079-11931 Important 12079-12085 Important 12079-12086 Important 12079-12097 Important 12079-12098 Important 12079-12099 Important 12079-12242 Important 12079-12244 Important 12079-12243 Important 12115-10287 Important 12115-9312 Important 12115-9318 Important 12115-9344 Important 12136-10729 Important 12136-10735 Important 9292-9312 Important 9292-9318 Important 9195-9318 Important 9195-9312 Important 11863-10483 Important 2472-9312 Important 2472-9318 Important 2472-10378 Important 2472-10379 Important 2472-10483 Important 2472-10543 Important 9495-10051 Important 9495-10049 Important 11650-10853 Important 11650-10852 Important 11650-10816 Important 11650-10855 Important 11650-10049 Important 11650-10378 Important 11650-10051 Important 11650-10483 Important 11650-10379 Important 11650-10543 Important 11676-11569 Important 11676-11568 Important 11676-11571 Important 11676-11572 Important 11676-11924 Important 11676-11923 Important 11676-11926 Important 11676-11927 Important 11676-11929 Important 11676-11930 Important 11676-11931 Important 11676-12098 Important 11676-12097 Important 11676-12099 Important 11677-11568 Important 11677-11569 Important 11677-11570 Important 11677-11571 Important 11677-11572 Important 11677-10852 Important 11677-10853 Important 11677-10816 Important 11677-10855 Important 11863-10051 Important 11863-10049 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12129 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12187 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12271 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12009 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10543 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12085 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12086 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12242 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12244 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12079-12243 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-10287 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12115-9344 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12136-10729 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12136-10735 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9292-9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9195-9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-9312 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-9318 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 2472-10543 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9495-10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10049 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10378 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10483 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10379 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11650-10543 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11924 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11923 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11926 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11927 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11929 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11930 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-11931 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12098 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12097 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11676-12099 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11568 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11569 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11570 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11571 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-11572 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10852 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10853 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10816 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11677-10855 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10051 7.3 6.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11863-10049 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.21 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 5041080 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.32 https://support.microsoft.com/help/5041080 12009 5041080 5041022 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039880 11863-10379 11863-10378 Maybe Monthly Rollup 4.7.4101.02 https://support.microsoft.com/help/5041022 11863-10379 11863-10378 5041022 5041023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039881 11863-10543 11863-10483 Maybe Monthly Rollup 4.7.4101.02 https://support.microsoft.com/help/5041023 11863-10543 11863-10483 5041023 5041016 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039907 12079-11923 12079-11924 Maybe Security Update 4.8.1.9256.03 https://support.microsoft.com/help/5041016 12079-11923 12079-11924 5041016 5041020 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039906 12079-11926 Maybe Monthly Rollup 4.8.9256.03 https://support.microsoft.com/help/5041020 12079-11926 5041020 5041020 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039906 12079-11927 Maybe Security Update 4.8.9256.03 12079-11927 5041020 5041018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039893 12079-11929 12079-11930 12079-11931 Maybe Security Update 4.8.1.9256.03 https://support.microsoft.com/help/5041018 12079-11929 12079-11930 12079-11931 5041018 5039895 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039895 12079-12085 12079-12086 12079-12242 12079-12243 Maybe Security Update 4.8.1.9256.03 https://support.microsoft.com/help/5039895 12079-12085 12079-12086 12079-12242 12079-12243 5039895 5041019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039893 12079-12097 12079-12098 12079-12099 Maybe Security Update 4.8.1.9256.03 https://support.microsoft.com/help/5041019 12079-12097 12079-12098 12079-12099 5041019 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12079-12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12079-12244 5040438 5040438 https://support.microsoft.com/help/5040438 12079-12244 5041024 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039882 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Monthly Rollup 4.7.4101.01 https://support.microsoft.com/help/5041024 12115-10287 12115-9312 12115-9318 12115-9344 5041024 5041027 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040122 12115-10287 12115-9312 12115-9318 12115-9344 Maybe Security Only 4.7.4101.01 https://support.microsoft.com/help/5041027 12115-10287 12115-9312 12115-9318 12115-9344 5041027 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 12136-10729 12136-10735 11677-10816 11677-10855 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 12136-10729 12136-10735 11677-10816 11677-10855 5040448 5040448 https://support.microsoft.com/help/5040448 12136-10729 12136-10735 11677-10816 11677-10855 5041024 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039911 9292-9312 9292-9318 9195-9318 9195-9312 Maybe Monthly Rollup 2.0.50727.8977 https://support.microsoft.com/help/5041024 9292-9312 9292-9318 9195-9318 9195-9312 5041024 5041027 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040118 9292-9312 9292-9318 9195-9318 9195-9312 Maybe Security Only 2.0.50727.8977 https://support.microsoft.com/help/5041027 9292-9312 9292-9318 9195-9318 9195-9312 5041027 5041024 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040673 2472-9312 2472-9318 Maybe Monthly Rollup 3.5.30729.8972 https://support.microsoft.com/help/5041024 2472-9312 2472-9318 5041024 5041027 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040680 2472-9312 2472-9318 Maybe Security Only 3.5.30729.8972 https://support.microsoft.com/help/5041024 2472-9312 2472-9318 5041027 5041022 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039908 2472-10378 2472-10379 2472-10483 Maybe Monthly Rollup 3.5.30729.8971 https://support.microsoft.com/help/5041022 2472-10378 2472-10379 2472-10483 5041022 5041023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039910 2472-10543 Maybe Monthly Rollup 3.5.4101.04 https://support.microsoft.com/help/5041023 2472-10543 5041023 5041021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039909 9495-10051 9495-10049 Maybe Monthly Rollup 3.5.30729.8971 https://support.microsoft.com/help/5041021 9495-10051 9495-10049 5041021 5041026 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040119 9495-10051 9495-10049 Maybe Security Only 3.5.30729.8971 https://support.microsoft.com/help/5041026 9495-10051 9495-10049 5041026 5039885 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039885 11650-10853 11650-10852 11650-10816 11650-10855 Maybe Security Update 4.8.04739.02 https://support.microsoft.com/help/5039885 11650-10853 11650-10852 11650-10816 11650-10855 5039885 5041021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039891 11650-10049 11650-10051 Maybe Monthly Rollup 4.8.4739.02 https://support.microsoft.com/help/5041021 11650-10049 11650-10051 5041021 5041026 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040123 11650-10049 11650-10051 Maybe Security Only 4.8.4739.03 https://support.microsoft.com/help/5041026 11650-10049 11650-10051 5041026 5041022 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039888 11650-10378 11650-10379 Maybe Monthly Rollup 4.8.4739.02 https://support.microsoft.com/help/5041022 11650-10378 11650-10379 5041022 5041023 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039890 11650-10483 11650-10543 Maybe Monthly Rollup 4.8.4739.02 https://support.microsoft.com/help/5041023 11650-10483 11650-10543 5041023 5041017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039886 11676-11569 11676-11568 11676-11571 11676-11572 Maybe Security Update 4.8.4739.04 https://support.microsoft.com/help/5041017 11676-11569 11676-11568 11676-11571 11676-11572 5041017 5041016 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039889 11676-11924 11676-11923 Maybe Security Update 4.8.4739.04 https://support.microsoft.com/help/5041016 11676-11924 11676-11923 5041016 5041020 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039887 11676-11926 11676-11927 Maybe Security Update 4.8.4739.04 https://support.microsoft.com/help/5041020 11676-11926 11676-11927 5041020 5041018 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039884 11676-11929 11676-11930 11676-11931 Maybe Security Update 4.8.4739.04 https://support.microsoft.com/help/5041018 11676-11929 11676-11930 11676-11931 5041018 5041019 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039884 11676-12098 11676-12097 11676-12099 Maybe Security Update 4.8.4739.04 https://support.microsoft.com/help/5041019 11676-12098 11676-12097 11676-12099 5041019 5041017 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039879 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 Maybe Security Update 4.7.2.4101.03 https://support.microsoft.com/help/5041017 11677-11568 11677-11569 11677-11570 11677-11571 11677-11572 5041017 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 11677-10852 11677-10853 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 11677-10852 11677-10853 5040434 5040434 https://support.microsoft.com/help/5040434 11677-10852 11677-10853 5041026 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040122 11863-10051 11863-10049 Maybe Security Only 4.7.4101.01 https://support.microsoft.com/help/5041026 11863-10051 11863-10049 5041026 5041021 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5039882 11863-10049 Maybe Monthly Rollup 4.7.4101.02 https://support.microsoft.com/help/5041021 11863-10049 5041021 goodbyeselene goodbyeselene 1.0 2024-07-09T07:00:00 <p>Information published.</p> 2.0 2024-07-25T07:00:00 <p>In the Security Updates table, made the following corrections: 1) Added .NET 6.0 as it is affected by this vulnerability. 2) Removed .NET 8.0 as it is not affected by this vulnerability. 3) Corrected Download and Article links for .NET 3.5 and 4.7.2 installed on Windows 10 Version 1809 for 32-bit Systems.</p> 2.1 2024-08-13T07:00:00 <p>Corrected Article and Download entries in the Affected Products table. This is an informational change only.</p> Microsoft Defender for IoT Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability would gain the ability to escape the AppContainer and impersonate a non-AppContainer token.</p> <p><strong>According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>In this case, a successful attack could be performed from a low privilege <a href="https://docs.microsoft.com/windows/win32/secauthz/appcontainer-isolation">AppContainer</a>. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.</p> <p><strong>How could an attacker exploit this vulnerability?</strong></p> <p>An attacker could exploit the vulnerability by escaping the sensor-app docker container (which is running the web application) and running commands on the host. This would allow them to enter any other containers and potentially gain control over the system.</p> Microsoft Defender for IoT Microsoft Yes CVE-2024-38089 Improper Privilege Management 11967 Elevation of Privilege 11967 Important 11967 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 9.1 7.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 11967 Release Notes https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/legacy-central-management/how-to-manage-the-on-premises-management-console?tabs=ca-signed#update-the-software-version 11967 Maybe Security Update 24.1.4 https://learn.microsoft.com/en-us/azure/defender-for-iot/organizations/release-notes#versions-241x 11967 Release Notes <p>The following <a href="https://technet.microsoft.com/library/security/dn848375.aspx">mitigating factor</a> might be helpful in your situation:</p> <p>Consider upgrading to Defender for IoT version 24.1.4 or newer.</p> <a href="https://www.siemens-energy.com/">Siemens Energy</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Azure CycleCloud Elevation of Privilege Vulnerability <p><strong>What privileges could be gained by an attacker who successfully exploited the vulnerability?</strong></p> <p>The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.</p> <p><strong>According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?</strong></p> <p>To exploit this vulnerability an attacker must have an account with the User role assigned.</p> <p><strong>What actions do customers need to take to protect themselves from this vulnerability?</strong></p> <p>Azure CycleCloud versions 7.9.0 - 7.9.11 were retired on 30 September, 2023 as documented here: <a href="https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/cyclecloud7-retirement-guide?view=cyclecloud-8">CycleCloud 7 Retirement Guide</a>. Customers with existing CycleCloud deployments using versions 7.9.0 - 7.9.11 must migrate their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: <a href="https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/upgrade-and-migrate?view=cyclecloud-8">Upgrading CycleCloud</a>.</p> <p>Customers with existing CycleCloud deployments using versions 8.0.0 - 8.6.0 should update their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: <a href="https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/upgrade-and-migrate?view=cyclecloud-8">Upgrading CycleCloud</a>.</p> Azure CycleCloud Microsoft Yes CVE-2024-38092 Protection Mechanism Failure 11904 11905 12102 12333 12360 12363 12361 12369 12368 12370 12371 12362 12366 12364 12365 12367 12372 12374 12376 12373 12375 12377 12379 12378 12380 12381 Elevation of Privilege 11904 Elevation of Privilege 11905 Elevation of Privilege 12102 Elevation of Privilege 12333 Elevation of Privilege 12360 Elevation of Privilege 12363 Elevation of Privilege 12361 Elevation of Privilege 12369 Elevation of Privilege 12368 Elevation of Privilege 12370 Elevation of Privilege 12371 Elevation of Privilege 12362 Elevation of Privilege 12366 Elevation of Privilege 12364 Elevation of Privilege 12365 Elevation of Privilege 12367 Elevation of Privilege 12372 Elevation of Privilege 12374 Elevation of Privilege 12376 Elevation of Privilege 12373 Elevation of Privilege 12375 Elevation of Privilege 12377 Elevation of Privilege 12379 Elevation of Privilege 12378 Elevation of Privilege 12380 Elevation of Privilege 12381 Important 11904 Important 11905 Important 12102 Important 12333 Important 12360 Important 12363 Important 12361 Important 12369 Important 12368 Important 12370 Important 12371 Important 12362 Important 12366 Important 12364 Important 12365 Important 12367 Important 12372 Important 12374 Important 12376 Important 12373 Important 12375 Important 12377 Important 12379 Important 12378 Important 12380 Important 12381 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11904 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 11905 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12102 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12333 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12360 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12363 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12361 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12369 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12368 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12370 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12371 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12362 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12366 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12364 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12365 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12367 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12372 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12374 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12376 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12373 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12375 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12377 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12379 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12378 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12380 8.8 7.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C 12381 Release Notes https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/upgrade-and-migrate?view=cyclecloud-8 11904 11905 12102 12333 12360 12363 12361 12369 12368 12370 12371 12362 12366 12364 12365 12367 12372 12374 12376 12373 12375 12377 12379 12378 12380 12381 Maybe Security Update 8.6.2 https://learn.microsoft.com/en-us/azure/cyclecloud/release-notes-previous?view=cyclecloud-8 11904 11905 12102 12333 12360 12363 12361 12369 12368 12370 12371 12362 12366 12364 12365 12367 12372 12374 12376 12373 12375 12377 12379 12378 12380 12381 Release Notes <a href="https://www.linkedin.com/in/christianbortone/">Christian Bortone</a> with <a href="https://merckgroup.com/">Merck KGaA</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Microsoft SharePoint Remote Code Execution Vulnerability <p><strong>According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?</strong></p> <p>An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.</p> Microsoft Office SharePoint Microsoft Yes CVE-2024-38094 Deserialization of Untrusted Data 10950 11585 11961 Remote Code Execution 10950 Remote Code Execution 11585 Remote Code Execution 11961 Important 10950 Important 11585 Important 11961 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10950 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11585 7.2 6.3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11961 5002618 https://www.microsoft.com/download/details.aspx?familyid=92f58fc5-c39d-4a25-bea5-ddee233c734c 5002604 10950 Maybe Security Update 16.0.5456.1000 https://support.microsoft.com/help/5002618 10950 5002618 5002618 https://support.microsoft.com/help/5002618 10950 5002615 https://www.microsoft.com/download/details.aspx?familyid=a981cd4e-a4a7-4b75-85c3-6708c75ec97e 5002602 11585 Maybe Security Update 16.0.10412.20001 https://support.microsoft.com/help/5002615 11585 5002615 5002615 https://support.microsoft.com/help/5002615 11585 5002606 https://www.microsoft.com/download/details.aspx?familyid=79a55ec9-bad3-44c2-bd0e-843f637f43a7 5002603 11961 Maybe Security Update 16.0.17328.20424 https://support.microsoft.com/help/5002606 11961 5002606 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Remote Desktop Licensing Service Denial of Service Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to possess advanced reverse engineering skills to identify and gain unauthorized access to specific remote procedure call (RPC) endpoints.</p> <p><strong>Are there additional actions I need to take after I have installed the update?</strong></p> <p>Yes. If your RD session hosts and RD licensing servers are joined to a work group, you need to ensure that your RD session hosts have the necessary credentials to access your RD licensing servers. For more information see: <a href="https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-license-session-hosts#ensure-an-rd-session-host-can-access-an-rd-licensing-server-in-the-same-work-group">License Remote Desktop session hosts</a>. No additional action is needed for RD session hosts and RD licensing servers joined to a domain.</p> Windows Remote Desktop Licensing Service Microsoft Yes CVE-2024-38099 Improper Authentication 11571 11572 11923 11924 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 10816 Denial of Service 10855 Denial of Service 9312 Denial of Service 10287 Denial of Service 9318 Denial of Service 9344 Denial of Service 10051 Denial of Service 10049 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11571 Important 11572 Important 11923 Important 11924 Important 10816 Important 10855 Important 9312 Important 10287 Important 9318 Important 9344 Important 10051 Important 10049 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9312 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10287 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9318 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 9344 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10051 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10049 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Philemon Orphee Favrod with Microsoft Josh Watson with Microsoft Gus Catalano with Microsoft Ray Reskusich with Microsoft Lewis Lee, Chunyang Han, and Zhiniang Peng 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Internet Connection Sharing (ICS) Microsoft Yes CVE-2024-38101 Out-of-bounds Read 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability <p><strong>According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?</strong></p> <p>This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.</p> Windows Layer-2 Bridge Network Driver Microsoft Yes CVE-2024-38105 Improper Input Validation 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10378 10379 10483 10543 Denial of Service 11568 Denial of Service 11569 Denial of Service 11571 Denial of Service 11572 Denial of Service 11923 Denial of Service 11924 Denial of Service 11926 Denial of Service 11927 Denial of Service 11929 Denial of Service 11930 Denial of Service 11931 Denial of Service 12085 Denial of Service 12086 Denial of Service 12097 Denial of Service 12098 Denial of Service 12099 Denial of Service 12242 Denial of Service 12243 Denial of Service 12244 Denial of Service 10729 Denial of Service 10735 Denial of Service 10852 Denial of Service 10853 Denial of Service 10816 Denial of Service 10855 Denial of Service 10378 Denial of Service 10379 Denial of Service 10483 Denial of Service 10543 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10378 Important 10379 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11568 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11569 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11571 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11572 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11923 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11924 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11926 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11927 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11929 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11930 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11931 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12085 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12086 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12097 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12098 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12099 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12242 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12243 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12244 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10729 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10735 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10852 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10853 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10816 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10855 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10378 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10379 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10483 6.5 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Wei in Kunlun Lab with <a href="https://www.cyberkl.com/">Cyber KunLun</a> 1.0 2024-07-09T07:00:00 <p>Information published.</p> Github: CVE-2024-39684 TenCent RapidJSON Elevation of Privilege Vulnerability <p><strong>According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>An attacker must send the user a malicious file and convince them to open it.</p> <p><strong>Why is this GitHub CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in RapidJSON library which is consumed by Microsoft Active Directory Rights Management Services Client. The CVE for this open source component, which is used in a Microsoft product, is assigned by GitHub CNA.</p> Active Directory Rights Management Services Github Yes CVE-2024-39684 Integer Overflow or Wraparound 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 9312 10287 9318 9344 10051 10049 10378 10379 10483 10543 Elevation of Privilege 11568 Elevation of Privilege 11569 Elevation of Privilege 11571 Elevation of Privilege 11572 Elevation of Privilege 11923 Elevation of Privilege 11924 Elevation of Privilege 11926 Elevation of Privilege 11927 Elevation of Privilege 11929 Elevation of Privilege 11930 Elevation of Privilege 11931 Elevation of Privilege 12085 Elevation of Privilege 12086 Elevation of Privilege 12097 Elevation of Privilege 12098 Elevation of Privilege 12099 Elevation of Privilege 12242 Elevation of Privilege 12243 Elevation of Privilege 12244 Elevation of Privilege 10729 Elevation of Privilege 10735 Elevation of Privilege 10852 Elevation of Privilege 10853 Elevation of Privilege 10816 Elevation of Privilege 10855 Elevation of Privilege 9312 Elevation of Privilege 10287 Elevation of Privilege 9318 Elevation of Privilege 9344 Elevation of Privilege 10051 Elevation of Privilege 10049 Elevation of Privilege 10378 Elevation of Privilege 10379 Elevation of Privilege 10483 Elevation of Privilege 10543 Moderate 11568 Moderate 11569 Moderate 11571 Moderate 11572 Moderate 11923 Moderate 11924 Moderate 11926 Moderate 11927 Moderate 11929 Moderate 11930 Moderate 11931 Moderate 12085 Moderate 12086 Moderate 12097 Moderate 12098 Moderate 12099 Moderate 12242 Moderate 12243 Moderate 12244 Moderate 10729 Moderate 10735 Moderate 10852 Moderate 10853 Moderate 10816 Moderate 10855 Moderate 9312 Moderate 10287 Moderate 9318 Moderate 9344 Moderate 10051 Moderate 10049 Moderate 10378 Moderate 10379 Moderate 10483 Moderate 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9312 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10287 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9318 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 9344 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10051 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10049 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10378 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10379 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.8 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5040430 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430 5039217 11568 11569 11571 11572 Yes Security Update 10.0.17763.6054 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040430 5040430 https://support.microsoft.com/help/5040430 11568 11569 11571 11572 5040437 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437 5039227 11923 11924 Yes Security Update 10.0.20348.2582 https://support.microsoft.com/help/5040437 11923 11924 5040437 5040437 https://support.microsoft.com/help/5040437 11923 11924 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 11929 11930 11931 Yes Security Update 10.0.19044.4651 https://support.microsoft.com/help/5040427 11929 11930 11931 5040427 5040427 https://support.microsoft.com/help/5040427 11929 11930 11931 12097 12098 12099 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12085 12086 Yes Security Update 10.0.22621.3880 https://support.microsoft.com/help/5040442 12085 12086 5040442 5040442 https://support.microsoft.com/help/5040442 12085 12086 12242 12243 5040427 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040427 5039211 12097 12098 12099 Yes Security Update 10.0.19045.4651 https://support.microsoft.com/help/5040427 12097 12098 12099 5040427 5040442 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040442 5039212 12242 12243 Yes Security Update 10.0.22631.3880 https://support.microsoft.com/help/5040442 12242 12243 5040442 5040438 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040438 5039236 12244 Yes Security Update 10.0.25398.1009 https://support.microsoft.com/help/5040438 12244 5040438 5040438 https://support.microsoft.com/help/5040438 12244 5040448 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040448 5039225 10729 10735 Yes Security Update 10.0.10240.20710 https://support.microsoft.com/help/5040448 10729 10735 5040448 5040448 https://support.microsoft.com/help/5040448 10729 10735 5040434 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040434 5039214 10852 10853 10816 10855 Yes Security Update 10.0.14393.7159 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040434 5040434 https://support.microsoft.com/help/5040434 10852 10853 10816 10855 5040499 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040499 5039245 9312 10287 9318 9344 Yes Monthly Rollup 6.0.6003.22769 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040499 5040499 https://support.microsoft.com/help/5040499 9312 10287 9318 9344 5040490 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040490 9312 10287 9318 9344 Yes Security Only 6.0.6003.22769 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040490 5040490 https://support.microsoft.com/help/5040490 9312 10287 9318 9344 5040497 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040497 5039289 10051 10049 Yes Monthly Rollup 6.1.7601.27219 https://support.microsoft.com/help/5040497 10051 10049 5040497 5040497 https://support.microsoft.com/help/5040497 10051 10049 5040498 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498 10051 10049 Yes Security Only 6.1.7601.27219 https://support.microsoft.com/help/5040498 10051 10049 5040498 5040498 https://support.microsoft.com/help/5040498 10051 10049 5040485 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040485 5039260 10378 10379 Yes Monthly Rollup 6.2.9200.24975 https://support.microsoft.com/help/5040485 10378 10379 5040485 5040485 https://support.microsoft.com/help/5040485 10378 10379 5040456 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040456 5039294 10483 10543 Yes Monthly Rollup 6.3.9600.22074 https://support.microsoft.com/help/5040456 10483 10543 5040456 5040456 https://support.microsoft.com/help/5040456 10483 10543 Anonymous 1.0 2024-07-09T07:00:00 <p>Information published.</p> GroupMe Elevation of Privilege Vulnerability <p>An improper restriction of excessive authentication attempts in <a href="https://groupme.com/">GroupMe</a> allows a unauthenticated attacker to elevate privileges over a network.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> GroupMe Microsoft No CVE-2024-38176 Improper Restriction of Excessive Authentication Attempts 12384 Elevation of Privilege 12384 Critical 12384 Publicly Disclosed:No;Exploited:No 8.1 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12384 Guy Arazi with Microsoft 1.0 2024-07-23T07:00:00 <p>Information published.</p> GroupMe Elevation of Privilege Vulnerability <p>An improper access control vulnerability in <a href="https://groupme.com/">GroupMe</a> allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.</p> <p><strong>Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?</strong></p> <p>This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.</p> <p>Please see <a href="https://aka.ms/MSRC-Cloud-CVEs">Toward greater transparency: Unveiling Cloud Service CVEs</a> for more information.</p> GroupMe Microsoft No CVE-2024-38164 Improper Access Control 12384 Elevation of Privilege 12384 Critical 12384 Publicly Disclosed:No;Exploited:No 9.6 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C 12384 Jonah Hook 1.0 2024-07-23T07:00:00 <p>Information published.</p> Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability <p><strong>Why is this Adobe CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Adobe Systems Incorporated Yes CVE-2024-39379 11655 Remote Code Execution 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 7.0 6.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 0x140ce 1.0 2024-07-25T07:00:00 <p>Information published.</p> Chromium: CVE-2024-6988 Use after free in Downloads <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6988 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:29:54 <p>Information published.</p> Chromium: CVE-2024-6989 Use after free in Loader <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6989 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:29:59 <p>Information published.</p> Chromium: CVE-2024-6999 Inappropriate implementation in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6999 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:18 <p>Information published.</p> Chromium: CVE-2024-6998 Use after free in User Education <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6998 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:16 <p>Information published.</p> Chromium: CVE-2024-6996 Race in Frames <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6996 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:12 <p>Information published.</p> Chromium: CVE-2024-6997 Use after free in Tabs <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6997 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:14 <p>Information published.</p> Chromium: CVE-2024-6994 Heap buffer overflow in Layout <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6994 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:08 <p>Information published.</p> Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6995 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:10 <p>Information published.</p> Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7005 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:28 <p>Information published.</p> Chromium: CVE-2024-6991 Use after free in Dawn <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6991 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:01 <p>Information published.</p> Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7004 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:26 <p>Information published.</p> Chromium: CVE-2024-7003 Inappropriate implementation in FedCM <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7003 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:24 <p>Information published.</p> Chromium: CVE-2024-7001 Inappropriate implementation in HTML <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7001 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:22 <p>Information published.</p> Chromium: CVE-2024-7000 Use after free in CSS <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-7000 11655 11655 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-25T18:30:20 <p>Information published.</p> Microsoft Edge (Chromium-based) Information Disclosure Vulnerability <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.</p> <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?</strong></p> <p><a href="https://www.microsoft.com/en-us/msrc/bounty-new-edge">Per our severity guidelines</a>, the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity, specifically it says, &quot;If a bug requires more than a click, a key press, or several preconditions, the severity will be downgraded&quot;. The CVSS scoring system doesn't allow for this type of nuance.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38103 Exposure of Private Personal Information to an Unauthorized Actor 11655 Information Disclosure 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 5.9 5.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 127.0.2651.74 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2024-07-25T07:00:00 <p>Information published.</p> RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling <p><strong>Why is the Red Hat Inc. the assigning CNA (CVE Numbering Authority)?</strong></p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2024-6387">CVE-2024-6387</a> is regarding a vulnerability in OppenSSH's server (sshd). Red Hat created this CVE on its behalf.</p> <p><strong>Is Microsoft Windows vulnerable to CVE-2024-6387?</strong></p> <p>No, Microsoft Windows is not affected by this vulnerability. Although Windows contains an OpenSSH component, the vulnerable code cannot be exploited or controlled by an adversary.</p> <p>The race condition used in this exploit is not possible in Windows because of significant differences with login grace timeout handling in the win32-openssh implementation.</p> <p><strong>Is the update for Azure Kubernetes Service Nodes on Ubuntu Linux currently available?</strong></p> <p>The security update for Azure Kubernetes Service (AKS) Nodes on Ubuntu Linux is currently being deployed but may not yet be available depending on your resource's deployment region. The deployment will be completed as soon as possible and customers can check the availability of the update here: <a href="https://releases.aks.azure.com/#tabversion">AKS Release Tracker</a></p> Open Source Software Red Hat, Inc. Yes CVE-2024-6387 Signal Handler Race Condition 12140 12139 12395 12396 12391-12392 12391-12393 12391-12394 Remote Code Execution 12140 Remote Code Execution 12139 Remote Code Execution 12395 Remote Code Execution 12396 Remote Code Execution 12391-12392 Remote Code Execution 12391-12393 Remote Code Execution 12391-12394 Critical 12140 Critical 12139 Critical 12395 Critical 12396 Critical 12391-12392 Critical 12391-12393 Critical 12391-12394 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12395 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12396 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12391-12392 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12391-12393 8.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12391-12394 openssh 12140 12139 CBL-Mariner 8.9p1-6 https://www.cve.org/CVERecord?id=CVE-2024-6387 12140 12139 openssh Release Notes https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade 12395 Maybe Security Update 202407.03.0 https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSUbuntu/gen2/2204containerd/202407.03.0.txt 12395 Release Notes Release Notes https://learn.microsoft.com/en-us/azure/aks/node-image-upgrade 12396 Maybe Security Update 202407.08.0 https://github.com/Azure/AgentBaker/blob/master/vhdbuilder/release-notes/AKSAzureLinux/gen2/202407.08.0.txt 12396 Release Notes Release Notes https://learn.microsoft.com/en-us/azure/azure-arc/resource-bridge/upgrade#manual-upgrade 12391-12392 12391-12393 No Security Update 1.2.0 https://github.com/Azure/ArcResourceBridge/releases 12391-12392 12391-12393 Release Notes Release Notes https://learn.microsoft.com/en-us/azure-stack/hci/update/about-updates-23h2 12391-12394 Maybe Security Update 2408 https://learn.microsoft.com/en-us/azure-stack/hci/whats-new?tabs=2408releases 12391-12394 Release Notes 2.0 2024-08-01T07:00:00 <p>In the Security Updates table, added Azure Arc Resource Bridge and Azure Kubernetes Service Nodes because these product are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates to be fully protected from the vulnerability.</p> 1.0 2024-07-11T07:00:00 <p>Information published.</p> 1.1 2024-07-15T07:00:00 <p>Updated FAQ information. This is an informational change only.</p> 2.1 2024-09-19T07:00:00 <p>Microsoft is announcing the availability of the security update for Azure Arc Resource Bridge installed on Azure Stack HCI to address this vulnerability. Customers running Azure Arc Resource Bridge should install the Azure Stack HCI 2408 update to be protected from this vulnerability.</p> Microsoft Edge (Chromium-based) Spoofing Vulnerability <p><strong>According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?</strong></p> <p>The user would have to click on a specially crafted URL to be compromised by the attacker.</p> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?</strong></p> <p>Limited information from the victim's browser associated with the vulnerable URL can be sent to the attacker by the malicious code.</p> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>116.0.1938.81</td> <td>N/A</td> <td>7/11/2024</td> </tr> </tbody> </table> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>127.0.2651.74</td> <td>127.0.6533.73</td> <td>7/11/2024</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?</strong></p> <p>The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.</p> <p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p> <p>The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.</p> Microsoft Edge (Chromium-based) Microsoft Yes CVE-2024-38156 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 11655 Spoofing 11655 Moderate 11655 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely 6.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C 11655 Release Notes 11655 No Security Update 126.0.2592.102 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes <a href="https://twitter.com/shhnjk">Jun Kokatsu</a> 1.0 2024-07-17T07:00:00 <p>Information published.</p> Chromium: CVE-2024-6779 Out of bounds memory access in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6779 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:45 <p>Information published.</p> Chromium: CVE-2024-6773 Type Confusion in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6773 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:29 <p>Information published.</p> Chromium: CVE-2024-6772 Inappropriate implementation in V8 <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6772 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:27 <p>Information published.</p> Chromium: CVE-2024-6775 Use after free in Media Stream <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6775 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:36 <p>Information published.</p> Chromium: CVE-2024-6776 Use after free in Audio <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6776 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:39 <p>Information published.</p> Chromium: CVE-2024-6778 Race in DevTools <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6778 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:43 <p>Information published.</p> Chromium: CVE-2024-6777 Use after free in Navigation <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6777 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:41 <p>Information published.</p> Chromium: CVE-2024-6774 Use after free in Screen Capture <p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p> <p><strong>Why is this Chrome CVE included in the Security Update Guide?</strong></p> <p>The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.</p> <p><strong>How can I see the version of the browser?</strong></p> <ol> <li>In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window</li> <li>Click on <strong>Help and Feedback</strong></li> <li>Click on <strong>About Microsoft Edge</strong></li> </ol> <p><strong>What is the version information for this release?</strong></p> <table> <thead> <tr> <th>Microsoft Edge Channel</th> <th>Microsoft Edge Version</th> <th>Based on Chromium Version</th> <th>Date Released</th> </tr> </thead> <tbody> <tr> <td>Stable</td> <td>126.0.2592.113</td> <td>126.0.6478.182/183</td> <td>7/18/2024</td> </tr> </tbody> </table> Microsoft Edge (Chromium-based) Chrome Yes CVE-2024-6774 11655 11655 11655 Release Notes 11655 No Security Update 126.0.2592.113 https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security 11655 Release Notes 1.0 2024-07-18T17:33:32 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-5156 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 Mariner secalert@redhat.com Yes CVE-2023-5156 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 glibc 12139 glibc-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-6.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-6 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 12139 glibc glibc 12140 glibc-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-6.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-6 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 12140 glibc glibc 12356 glibc-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-6 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 12356 glibc glibc 12357 glibc-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-6 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 12357 glibc 1.0 2023-09-27T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 Mariner secalert@redhat.com Yes CVE-2023-4911 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 glibc 12139 glibc-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-5 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 12139 glibc glibc 12140 glibc-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-5 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 12140 glibc glibc 12356 glibc-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-6.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-6 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 12356 glibc glibc 12357 glibc-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 glibc-locales-all-2.38-6.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.38-6 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 12357 glibc 1.0 2023-10-03T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20961 https://nvd.nist.gov/vuln/detail/CVE-2024-20961 Mariner secalert_us@oracle.com Yes CVE-2024-20961 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20961 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20961 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20963 https://nvd.nist.gov/vuln/detail/CVE-2024-20963 Mariner secalert_us@oracle.com Yes CVE-2024-20963 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20963 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20963 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20971 https://nvd.nist.gov/vuln/detail/CVE-2024-20971 Mariner secalert_us@oracle.com Yes CVE-2024-20971 12139 12140 12139 12140 12139 12140 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20971 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20971 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20981 https://nvd.nist.gov/vuln/detail/CVE-2024-20981 Mariner secalert_us@oracle.com Yes CVE-2024-20981 12139 12140 12139 12140 12139 12140 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20981 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20981 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 Mariner security-advisories@github.com Yes CVE-2024-28863 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12140 nodejs 12356 nodejs-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 nodejs-npm-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 20.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 12356 nodejs nodejs 12357 nodejs-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 nodejs-npm-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 20.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 12357 nodejs nodejs18 12139 nodejs18-18.20.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.20.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.20.3-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.20.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 12139 nodejs18 nodejs18 12140 nodejs18-18.20.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.20.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.20.3-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.20.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 12140 nodejs18 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-31755 https://nvd.nist.gov/vuln/detail/CVE-2024-31755 Mariner cve@mitre.org Yes CVE-2024-31755 12139 12140 12139 12140 12139 12140 7.6 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12139 7.6 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 12140 apparmor 12139 libapparmor-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 libapparmor-devel-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apache2-mod_apparmor-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apparmor-profiles-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apparmor-parser-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apparmor-abstractions-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 pam_apparmor-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apparmor-utils-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-apparmor-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 perl-apparmor-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 apparmor-debuginfo-3.0.4-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.0.4-4 https://nvd.nist.gov/vuln/detail/CVE-2024-31755 12139 apparmor apparmor 12140 libapparmor-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 libapparmor-devel-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apache2-mod_apparmor-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apparmor-profiles-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apparmor-parser-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apparmor-abstractions-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 pam_apparmor-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apparmor-utils-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-apparmor-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 perl-apparmor-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 apparmor-debuginfo-3.0.4-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.0.4-4 https://nvd.nist.gov/vuln/detail/CVE-2024-31755 12140 apparmor 1.0 2024-05-01T00:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 Mariner glibc-cna@sourceware.org Yes CVE-2024-33601 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 glibc 12139 glibc-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-static-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-7.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-7 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 12139 glibc glibc 12140 glibc-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-devel-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-static-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-lang-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-i18n-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-iconv-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-tools-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-nscd-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 glibc-debuginfo-2.35-7.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.35-7 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 12140 glibc 1.0 2024-05-07T00:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29160 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 Mariner cve@mitre.org Yes CVE-2024-29160 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29160 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29165 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 Mariner cve@mitre.org Yes CVE-2024-29165 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29165 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29164 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 Mariner cve@mitre.org Yes CVE-2024-29164 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29164 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32614 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 Mariner cve@mitre.org Yes CVE-2024-32614 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32614 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32613 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 Mariner cve@mitre.org Yes CVE-2024-32613 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32613 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32612 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 Mariner cve@mitre.org Yes CVE-2024-32612 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32612 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32616 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 Mariner cve@mitre.org Yes CVE-2024-32616 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32616 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32618 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 Mariner cve@mitre.org Yes CVE-2024-32618 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32618 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-33874 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 Mariner cve@mitre.org Yes CVE-2024-33874 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33874 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32623 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 Mariner cve@mitre.org Yes CVE-2024-32623 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32623 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-2976 https://nvd.nist.gov/vuln/detail/CVE-2023-2976 https://nvd.nist.gov/vuln/detail/CVE-2023-2976 Mariner cve-coordination@google.com Yes CVE-2023-2976 12139 12140 12139 12140 12139 12140 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 12139 7.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 12140 guava 12139 CBL-Mariner 25.0-8 https://nvd.nist.gov/vuln/detail/CVE-2023-2976 12139 guava javapackages-bootstrap 12139 12140 javapackages-bootstrap-1.5.0-5.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 1.5.0-5 https://nvd.nist.gov/vuln/detail/CVE-2023-2976 12139 12140 javapackages-bootstrap guava 12140 guava-25.0-8.cm2.noarch.rpm 0001-01-01T00:00:00 guava-javadoc-25.0-8.cm2.noarch.rpm 0001-01-01T00:00:00 guava-testlib-25.0-8.cm2.noarch.rpm 0001-01-01T00:00:00 CBL-Mariner 25.0-8 https://nvd.nist.gov/vuln/detail/CVE-2023-2976 12140 guava 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-52802 https://nvd.nist.gov/vuln/detail/CVE-2023-52802 Mariner 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Yes CVE-2023-52802 12139 12140 12139 12140 12139 12140 kernel 12139 kernel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52802 12139 kernel kernel 12140 kernel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-devel-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-accessibility-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-gpu-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-drivers-sound-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-docs-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-tools-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-perf-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-dtb-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 bpftool-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 kernel-debuginfo-5.15.158.2-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 5.15.158.2-1 https://nvd.nist.gov/vuln/detail/CVE-2023-52802 12140 kernel 1.0 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 Mariner cve@mitre.org Yes CVE-2024-32487 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12139 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12140 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12356 8.6 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 12357 less 12139 less-590-4.cm2.x86_64.rpm 0001-01-01T00:00:00 less-debuginfo-590-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 590-4 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 12139 less less 12140 less-590-4.cm2.aarch64.rpm 0001-01-01T00:00:00 less-debuginfo-590-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 590-4 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 12140 less less 12356 less-643-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 643-2 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 12356 less less 12357 less-643-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 643-2 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 12357 less 1.0 2024-04-22T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-31584 https://nvd.nist.gov/vuln/detail/CVE-2024-31584 Mariner cve@mitre.org Yes CVE-2024-31584 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 12139 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 12140 pytorch 12139 python3-pytorch-2.0.0-5.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-5.cm2.x86_64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-5 https://nvd.nist.gov/vuln/detail/CVE-2024-31584 12139 pytorch pytorch 12140 python3-pytorch-2.0.0-5.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-5.cm2.aarch64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-5 https://nvd.nist.gov/vuln/detail/CVE-2024-31584 12140 pytorch 1.0 2024-04-27T00:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 Mariner security@huntr.dev Yes CVE-2023-5535 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 vim 12139 vim-9.0.2010-1.cm2.x86_64.rpm 0001-01-01T00:00:00 vim-extra-9.0.2010-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.2010-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 12139 vim vim 12140 vim-9.0.2010-1.cm2.aarch64.rpm 0001-01-01T00:00:00 vim-extra-9.0.2010-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 9.0.2010-1 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 12140 vim 1.0 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2929 https://nvd.nist.gov/vuln/detail/CVE-2022-2929 Mariner security-officer@isc.org Yes CVE-2022-2929 12356 12357 12356 12357 12356 12357 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 dhcp 12356 dhcp-libs-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-devel-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-server-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-client-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.3.P1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2929 12356 dhcp dhcp 12357 dhcp-libs-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-devel-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-server-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-client-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.3.P1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2929 12357 dhcp 1.0 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2022-2928 https://nvd.nist.gov/vuln/detail/CVE-2022-2928 Mariner security-officer@isc.org Yes CVE-2022-2928 12356 12357 12356 12357 12356 12357 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 6.5 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 dhcp 12356 dhcp-libs-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-devel-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-server-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 dhcp-client-4.4.3.P1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.3.P1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2928 12356 dhcp dhcp 12357 dhcp-libs-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-devel-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-server-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 dhcp-client-4.4.3.P1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.4.3.P1-1 https://nvd.nist.gov/vuln/detail/CVE-2022-2928 12357 dhcp 1.0 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-31744 https://nvd.nist.gov/vuln/detail/CVE-2024-31744 Mariner cve@mitre.org Yes CVE-2024-31744 12356 12357 12356 12357 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 jasper 12356 jasper-4.2.1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 jasper-devel-4.2.1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 jasper-libs-4.2.1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 jasper-utils-4.2.1-2.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.1-2 https://nvd.nist.gov/vuln/detail/CVE-2024-31744 12356 jasper jasper 12357 jasper-4.2.1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 jasper-devel-4.2.1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 jasper-libs-4.2.1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 jasper-utils-4.2.1-2.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.2.1-2 https://nvd.nist.gov/vuln/detail/CVE-2024-31744 12357 jasper 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 Mariner cve@mitre.org Yes CVE-2023-42282 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 nodejs 12139 nodejs-16.20.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-16.20.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.20.2-3.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.20.2-3 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12139 nodejs nodejs18 12139 nodejs18-18.18.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.18.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.18.2-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.18.2-4 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12139 nodejs18 reaper 12139 reaper-3.1.1-10.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.1-10 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12139 reaper nodejs 12140 nodejs-16.20.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-16.20.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs-debuginfo-16.20.2-3.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 16.20.2-3 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12140 nodejs nodejs18 12140 nodejs18-18.18.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-devel-18.18.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 nodejs18-debuginfo-18.18.2-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 18.18.2-4 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12140 nodejs18 reaper 12140 CBL-Mariner 3.1.1-10 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12140 reaper nodejs 12356 nodejs-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 nodejs-devel-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 nodejs-npm-20.14.0-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 20.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12356 nodejs nodejs 12357 nodejs-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 nodejs-devel-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 nodejs-npm-20.14.0-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 20.14.0-1 https://nvd.nist.gov/vuln/detail/CVE-2023-42282 12357 nodejs 1.0 2024-02-19T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2015-7747 https://nvd.nist.gov/vuln/detail/CVE-2015-7747 Mariner cve@mitre.org Yes CVE-2015-7747 12356 12357 12356 12357 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 audiofile 12356 audiofile-0.3.6-27.azl3.x86_64.rpm 0001-01-01T00:00:00 audiofile-devel-0.3.6-27.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.3.6-27 https://nvd.nist.gov/vuln/detail/CVE-2015-7747 12356 audiofile audiofile 12357 audiofile-0.3.6-27.azl3.aarch64.rpm 0001-01-01T00:00:00 audiofile-devel-0.3.6-27.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.3.6-27 https://nvd.nist.gov/vuln/detail/CVE-2015-7747 12357 audiofile 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27823 https://nvd.nist.gov/vuln/detail/CVE-2020-27823 Mariner secalert@redhat.com Yes CVE-2020-27823 12356 12357 12356 12357 12356 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27823 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27823 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27814 https://nvd.nist.gov/vuln/detail/CVE-2020-27814 Mariner secalert@redhat.com Yes CVE-2020-27814 12356 12357 12356 12357 12356 12357 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27814 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27814 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27824 https://nvd.nist.gov/vuln/detail/CVE-2020-27824 Mariner secalert@redhat.com Yes CVE-2020-27824 12356 12357 12356 12357 12356 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27824 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27824 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27841 https://nvd.nist.gov/vuln/detail/CVE-2020-27841 Mariner secalert@redhat.com Yes CVE-2020-27841 12356 12357 12356 12357 12356 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27841 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27841 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27843 https://nvd.nist.gov/vuln/detail/CVE-2020-27843 Mariner secalert@redhat.com Yes CVE-2020-27843 12356 12357 12356 12357 12356 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27843 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27843 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27845 https://nvd.nist.gov/vuln/detail/CVE-2020-27845 Mariner secalert@redhat.com Yes CVE-2020-27845 12356 12357 12356 12357 12356 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27845 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27845 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-8597 https://nvd.nist.gov/vuln/detail/CVE-2020-8597 Mariner cve@mitre.org Yes CVE-2020-8597 12356 12357 12356 12357 12356 12357 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 ppp 12356 ppp-2.4.7-36.azl3.x86_64.rpm 0001-01-01T00:00:00 network-scripts-ppp-2.4.7-36.azl3.x86_64.rpm 0001-01-01T00:00:00 ppp-devel-2.4.7-36.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.7-36 https://nvd.nist.gov/vuln/detail/CVE-2020-8597 12356 ppp ppp 12357 ppp-2.4.7-36.azl3.aarch64.rpm 0001-01-01T00:00:00 network-scripts-ppp-2.4.7-36.azl3.aarch64.rpm 0001-01-01T00:00:00 ppp-devel-2.4.7-36.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.4.7-36 https://nvd.nist.gov/vuln/detail/CVE-2020-8597 12357 ppp 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-8112 https://nvd.nist.gov/vuln/detail/CVE-2020-8112 Mariner cve@mitre.org Yes CVE-2020-8112 12356 12357 12356 12357 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-8112 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-8112 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 Mariner arm-security@arm.com Yes CVE-2023-4039 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 12139 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 12140 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 12356 4.8 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 12357 gcc 12139 gcc-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 gfortran-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libgcc-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libgcc-atomic-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libgcc-devel-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 gcc-c++-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libbacktrace-static-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libstdc++-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libstdc++-devel-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libgomp-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 libgomp-devel-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 gcc-debuginfo-11.2.0-6.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 11.2.0-6 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 12139 gcc gcc 12140 gcc-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 gfortran-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libgcc-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libgcc-atomic-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libgcc-devel-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 gcc-c++-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libbacktrace-static-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libstdc++-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libstdc++-devel-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libgomp-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 libgomp-devel-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 gcc-debuginfo-11.2.0-6.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 11.2.0-6 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 12140 gcc gcc 12356 gcc-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 gfortran-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libgcc-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libgcc-atomic-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libgcc-devel-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 gcc-c++-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libbacktrace-static-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libstdc++-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libstdc++-devel-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libgomp-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 libgomp-devel-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 cross-gcc-common-13.2.0-7.azl3.noarch.rpm 0001-01-01T00:00:00 gcc-aarch64-linux-gnu-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 gcc-c++-aarch64-linux-gnu-13.2.0-7.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 13.2.0-7 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 12356 gcc gcc 12357 gcc-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 gfortran-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libgcc-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libgcc-atomic-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libgcc-devel-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 gcc-c++-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libbacktrace-static-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libstdc++-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libstdc++-devel-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libgomp-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 libgomp-devel-13.2.0-7.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 13.2.0-7 https://nvd.nist.gov/vuln/detail/CVE-2023-4039 12357 gcc 1.0 2023-09-15T00:00:00 <p>Information published.</p> 1.1 2024-07-03T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20965 https://nvd.nist.gov/vuln/detail/CVE-2024-20965 Mariner secalert_us@oracle.com Yes CVE-2024-20965 12139 12140 12139 12140 12139 12140 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12139 4.9 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20965 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20965 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20967 https://nvd.nist.gov/vuln/detail/CVE-2024-20967 Mariner secalert_us@oracle.com Yes CVE-2024-20967 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12139 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20967 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20967 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20969 https://nvd.nist.gov/vuln/detail/CVE-2024-20969 Mariner secalert_us@oracle.com Yes CVE-2024-20969 12139 12140 12139 12140 12139 12140 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12139 5.5 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20969 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20969 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20977 https://nvd.nist.gov/vuln/detail/CVE-2024-20977 Mariner secalert_us@oracle.com Yes CVE-2024-20977 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20977 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20977 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20973 https://nvd.nist.gov/vuln/detail/CVE-2024-20973 Mariner secalert_us@oracle.com Yes CVE-2024-20973 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20973 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20973 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-20985 https://nvd.nist.gov/vuln/detail/CVE-2024-20985 Mariner secalert_us@oracle.com Yes CVE-2024-20985 12139 12140 12139 12140 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 12140 mysql 12139 mysql-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20985 12139 mysql mysql 12140 mysql-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-devel-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 mysql-debuginfo-8.0.36-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 8.0.36-1 https://nvd.nist.gov/vuln/detail/CVE-2024-20985 12140 mysql 1.0 2024-07-10T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29158 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 Mariner cve@mitre.org Yes CVE-2024-29158 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29158 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29162 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 Mariner cve@mitre.org Yes CVE-2024-29162 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29162 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29163 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 Mariner cve@mitre.org Yes CVE-2024-29163 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29163 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32605 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 Mariner cve@mitre.org Yes CVE-2024-32605 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32605 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32615 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 Mariner cve@mitre.org Yes CVE-2024-32615 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 9.8 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32615 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32620 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 Mariner cve@mitre.org Yes CVE-2024-32620 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32620 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-32619 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 Mariner cve@mitre.org Yes CVE-2024-32619 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12139 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12140 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12356 7.4 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-32619 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-33877 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 Mariner cve@mitre.org Yes CVE-2024-33877 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12139 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12140 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12139 hdf5-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 12139 hdf5 hdf5 12140 hdf5-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 hdf5-debuginfo-1.14.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 12140 hdf5 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33877 12357 hdf5 1.0 2024-05-14T00:00:00 <p>Information published.</p> 1.1 2024-06-30T07:00:00 <p>Information published.</p> 1.2 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-31583 https://nvd.nist.gov/vuln/detail/CVE-2024-31583 Mariner cve@mitre.org Yes CVE-2024-31583 12139 12140 12139 12140 12139 12140 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12139 7.8 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 12140 pytorch 12139 python3-pytorch-2.0.0-4.cm2.x86_64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-4.cm2.x86_64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-4.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-4 https://nvd.nist.gov/vuln/detail/CVE-2024-31583 12139 pytorch pytorch 12140 python3-pytorch-2.0.0-4.cm2.aarch64.rpm 0001-01-01T00:00:00 python3-pytorch-doc-2.0.0-4.cm2.aarch64.rpm 0001-01-01T00:00:00 pytorch-debuginfo-2.0.0-4.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.0.0-4 https://nvd.nist.gov/vuln/detail/CVE-2024-31583 12140 pytorch 1.0 2024-04-22T00:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-22742 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 Mariner security-advisories@github.com Yes CVE-2023-22742 12139 12140 12139 12140 12139 12140 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 12139 5.9 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 12140 libgit2 12139 libgit2-glib-0.99.0.1-5.cm2.x86_64.rpm 0001-01-01T00:00:00 libgit2-glib-devel-0.99.0.1-5.cm2.x86_64.rpm 0001-01-01T00:00:00 libgit2-glib-debuginfo-0.99.0.1-5.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.4.5-1 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 12139 libgit2 rust 12139 rust-1.72.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 rust-doc-1.72.0-2.cm2.noarch.rpm 0001-01-01T00:00:00 rust-debuginfo-1.72.0-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.72.0-2 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 12139 rust libgit2 12140 libgit2-glib-0.99.0.1-5.cm2.aarch64.rpm 0001-01-01T00:00:00 libgit2-glib-devel-0.99.0.1-5.cm2.aarch64.rpm 0001-01-01T00:00:00 libgit2-glib-debuginfo-0.99.0.1-5.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.4.5-1 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 12140 libgit2 rust 12140 rust-1.72.0-2.cm2.aarch64.rpm 0001-01-01T00:00:00 rust-doc-1.72.0-2.cm2.noarch.rpm 0001-01-01T00:00:00 rust-debuginfo-1.72.0-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.72.0-2 https://nvd.nist.gov/vuln/detail/CVE-2023-22742 12140 rust 1.0 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29161 https://nvd.nist.gov/vuln/detail/CVE-2024-29161 Mariner cve@mitre.org Yes CVE-2024-29161 12356 12357 12356 12357 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29161 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-29161 12357 hdf5 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-33873 https://nvd.nist.gov/vuln/detail/CVE-2024-33873 Mariner cve@mitre.org Yes CVE-2024-33873 12356 12357 12356 12357 12356 12357 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12356 8.8 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 12357 hdf5 12356 hdf5-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33873 12356 hdf5 hdf5 12357 hdf5-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-devel-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 hdf5-static-1.14.4.3-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.14.4.3-1 https://nvd.nist.gov/vuln/detail/CVE-2024-33873 12357 hdf5 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-12T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2023-27478 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 Mariner security-advisories@github.com Yes CVE-2023-27478 12356 12357 12139 12140 12356 12357 12139 12140 12356 12357 12139 12140 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 12356 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 12357 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 12139 6.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 12140 libmemcached-awesome 12356 libmemcached-awesome-1.1.4-1.azl3.x86_64.rpm 0001-01-01T00:00:00 libmemcached-awesome-devel-1.1.4-1.azl3.x86_64.rpm 0001-01-01T00:00:00 libmemcached-awesome-tools-1.1.4-1.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-1 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 12356 libmemcached-awesome libmemcached-awesome 12357 libmemcached-awesome-1.1.4-1.azl3.aarch64.rpm 0001-01-01T00:00:00 libmemcached-awesome-devel-1.1.4-1.azl3.aarch64.rpm 0001-01-01T00:00:00 libmemcached-awesome-tools-1.1.4-1.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-1 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 12357 libmemcached-awesome libmemcached-awesome 12139 libmemcached-awesome-1.1.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libmemcached-awesome-devel-1.1.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libmemcached-awesome-tools-1.1.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 libmemcached-awesome-debuginfo-1.1.4-1.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-1 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 12139 libmemcached-awesome libmemcached-awesome 12140 libmemcached-awesome-1.1.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libmemcached-awesome-devel-1.1.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libmemcached-awesome-tools-1.1.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 libmemcached-awesome-debuginfo-1.1.4-1.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 1.1.4-1 https://nvd.nist.gov/vuln/detail/CVE-2023-27478 12140 libmemcached-awesome 1.0 2024-06-30T07:00:00 <p>Information published.</p> 1.1 2024-07-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-37890 https://nvd.nist.gov/vuln/detail/CVE-2024-37890 Mariner security-advisories@github.com Yes CVE-2024-37890 12139 12140 12139 12140 12139 12140 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12139 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12140 reaper 12139 reaper-3.1.1-10.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 3.1.1-10 https://nvd.nist.gov/vuln/detail/CVE-2024-37890 12139 reaper reaper 12140 CBL-Mariner 3.1.1-10 https://nvd.nist.gov/vuln/detail/CVE-2024-37890 12140 reaper 1.0 2024-07-13T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29038 https://nvd.nist.gov/vuln/detail/CVE-2024-29038 Mariner security-advisories@github.com Yes CVE-2024-29038 12139 12140 12139 12140 12139 12140 4.3 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 12139 4.3 4.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 12140 tpm2-tools 12139 tpm2-tools-4.3.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 tpm2-tools-debuginfo-4.3.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.3.2-2 https://nvd.nist.gov/vuln/detail/CVE-2024-29038 12139 tpm2-tools tpm2-tools 12140 tpm2-tools-4.3.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 tpm2-tools-debuginfo-4.3.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.3.2-2 https://nvd.nist.gov/vuln/detail/CVE-2024-29038 12140 tpm2-tools 1.0 2024-07-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2024-29039 https://nvd.nist.gov/vuln/detail/CVE-2024-29039 Mariner security-advisories@github.com Yes CVE-2024-29039 12139 12140 12139 12140 12139 12140 9.0 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12139 9.0 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 12140 tpm2-tools 12139 tpm2-tools-4.3.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 tpm2-tools-debuginfo-4.3.2-2.cm2.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.3.2-2 https://nvd.nist.gov/vuln/detail/CVE-2024-29039 12139 tpm2-tools tpm2-tools 12140 tpm2-tools-4.3.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 tpm2-tools-debuginfo-4.3.2-2.cm2.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 4.3.2-2 https://nvd.nist.gov/vuln/detail/CVE-2024-29039 12140 tpm2-tools 1.0 2024-07-19T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-15503 https://nvd.nist.gov/vuln/detail/CVE-2020-15503 Mariner cve@mitre.org Yes CVE-2020-15503 12356 12357 12356 12357 12356 12357 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12356 7.5 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 12357 LibRaw 12356 LibRaw-0.19.5-5.azl3.x86_64.rpm 0001-01-01T00:00:00 LibRaw-devel-0.19.5-5.azl3.x86_64.rpm 0001-01-01T00:00:00 LibRaw-static-0.19.5-5.azl3.x86_64.rpm 0001-01-01T00:00:00 LibRaw-samples-0.19.5-5.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.19.5-5 https://nvd.nist.gov/vuln/detail/CVE-2020-15503 12356 LibRaw LibRaw 12357 LibRaw-0.19.5-5.azl3.aarch64.rpm 0001-01-01T00:00:00 LibRaw-devel-0.19.5-5.azl3.aarch64.rpm 0001-01-01T00:00:00 LibRaw-static-0.19.5-5.azl3.aarch64.rpm 0001-01-01T00:00:00 LibRaw-samples-0.19.5-5.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 0.19.5-5 https://nvd.nist.gov/vuln/detail/CVE-2020-15503 12357 LibRaw 1.0 2024-07-23T00:00:00 <p>Information published.</p> https://nvd.nist.gov/vuln/detail/CVE-2020-27842 https://nvd.nist.gov/vuln/detail/CVE-2020-27842 Mariner secalert@redhat.com Yes CVE-2020-27842 12356 12357 12356 12357 12356 12357 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12356 5.5 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 12357 openjpeg2 12356 openjpeg2-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.x86_64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27842 12356 openjpeg2 openjpeg2 12357 openjpeg2-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 openjpeg2-devel-docs-2.3.1-12.azl3.noarch.rpm 0001-01-01T00:00:00 openjpeg2-tools-2.3.1-12.azl3.aarch64.rpm 0001-01-01T00:00:00 CBL-Mariner 2.3.1-12 https://nvd.nist.gov/vuln/detail/CVE-2020-27842 12357 openjpeg2 1.0 2024-07-23T00:00:00 <p>Information published.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2024-38095 Improper Input Validation 12262 11970 12009 12260 12129 12187 12271 12322 Denial of Service 12262 Denial of Service 11970 Denial of Service 12009 Denial of Service 12260 Denial of Service 12129 Denial of Service 12187 Denial of Service 12271 Denial of Service 12322 Important 12262 Important 11970 Important 12009 Important 12260 Important 12129 Important 12187 Important 12271 Important 12322 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12262 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 11970 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12009 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12260 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12322 Release Notes https://github.com/PowerShell/Announcements/issues/64 12262 Maybe Security Update 7.4.4 https://github.com/PowerShell/Announcements/issues/64 12262 Release Notes Release Notes https://github.com/PowerShell/Announcements/issues/64 11970 Maybe Security Update 7.2.22 https://github.com/PowerShell/Announcements/issues/64 11970 Release Notes 5041080 https://dotnet.microsoft.com/download/dotnet/6.0 12009 Maybe Security Update 6.0.32 https://support.microsoft.com/help/5041080 12009 5041080 5041081 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.7 https://support.microsoft.com/help/5041081 12260 5041081 Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.21 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes 2.0 2024-07-25T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.4 and 7.2 because these versions of PowerShell 7 are affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/64">https://github.com/PowerShell/Announcements/issues/64</a> for more information.</p> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 3.0 2024-10-08T07:00:00 <p>In the Security Updates table, added .NET 6.0 as it is also affected by this vulnerability. Note that there is no security update for .NET 6.0 to address this vulnerablity. HTTP/3 support was only experimental in .NET 6.0, so if you are using .NET 6 you must update your application to .NET 8 to be protected.</p> .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Microsoft Yes CVE-2024-30105 Uncontrolled Resource Consumption 12260 12262 12129 12187 12322 12271 Denial of Service 12260 Denial of Service 12262 Denial of Service 12129 Denial of Service 12187 Denial of Service 12322 Denial of Service 12271 Important 12260 Important 12262 Important 12129 Important 12187 Important 12322 Important 12271 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12260 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12262 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12129 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12187 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12322 7.5 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C 12271 5041081 https://dotnet.microsoft.com/en-us/download/dotnet/8.0 12260 Maybe Security Update 8.0.7 https://support.microsoft.com/help/5041081 12260 5041081 Release Notes https://github.com/PowerShell/Announcements/issues/64 12262 Maybe Security Update 7.4.4 https://github.com/PowerShell/Announcements/issues/64 12262 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.4 12129 Maybe Security Update 17.4.21 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12129 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6 12187 Maybe Security Update 17.6.17 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12187 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.10 12322 Maybe Security Update 17.10.4 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12322 Release Notes Release Notes https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8 12271 Maybe Security Update 17.8.12 https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes 12271 Release Notes 1.0 2024-07-09T07:00:00 <p>Information published.</p> 2.0 2024-07-25T07:00:00 <p>Revised the Security Updates table to include PowerShell 7.4 because this version of PowerShell 7 is affected by this vulnerability. See <a href="https://github.com/PowerShell/Announcements/issues/65">https://github.com/PowerShell/Announcements/issues/65</a> for more information.</p> Windows Cryptographic Services Security Feature Bypass Vulnerability <p><strong>Are there any further actions I need to take to be protected from this vulnerability?</strong></p> <p>Yes. The Windows Smart Card infrastructure relies on the Cryptographic Service Provider (CSP) and Key Storage Provider (KSP) to isolate cryptographic operations from the Smart Card implementation. The KSP is part of the Crypto Next Generation (CNG) architecture and is intended to support modern smart cards. In the case of RSA based certificates, the Smart Card Certificate Propagation service automatically overrides the default and uses the CSP instead of the KSP. This limits usage to the cryptography provided by the CSP and does not benefit from the modern cryptography provided by the KSP.</p> <p><strong>IMPORTANT REMINDER</strong>: The DisableCapiOverrideForRSA registry key will be removed.</p> <p><strong>UPDATE February 10, 2026</strong>: Based on feedback from customers and software vendors, Microsoft is extending the removal date for the DisableCapiOverrideForRSA registry key from April 2026 to February 9, 2027.. This extension provides additional time to develop, test, and update applications that rely on the previous CSP-based behavior. The security fix remains enabled by default.</p> <p><strong>UPDATE December 9, 2025</strong>: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see <a href="http://support.microsoft.com/kb/5073121">Guidance for certificate handling for Smart Card propagated certificates</a> for guidance for application developers on how to detect the correct handler and resolve these issues.</p> <p><strong>UPDATE October 14, 2025</strong>: Starting with the October 2025 security updates, the fix will be enabled by default (DisableCapiOverrideForRSA set to 1) and the KSP will be used for RSA based certificates in the Smart Card Certificate Propagation service. If you discover applications relying on the old behavior, the DisableCapiOverrideForRSA registry key can be set back to 0 to switch back to auditing mode. The DisableCapiOverrideForRSA registry key will be removed in April 2026.</p> <p><strong>UPDATE March 11, 2025</strong>: Starting with the security updates released on April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log.</p> <p>The Windows System event will include text that says:</p> <table> <thead> <tr> <th>Event ID</th> <th>Event Type</th> <th>Text</th> </tr> </thead> <tbody> <tr> <td>624</td> <td>Error</td> <td>Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: <a href="https://go.microsoft.com/fwlink/?linkid=2300823">https://go.microsoft.com/fwlink/?linkid=2300823</a></td> </tr> </tbody> </table> <p><strong>Note</strong>: when you enable the DisableCapiOverrideForRSA setting, auditing will stop.</p> <p>Beginning with the July 2024 security updates released on July 9, 2024, this vulnerability will be addressed by removing the RSA override and using the KSP as the default. This change is initially disabled by default to allow customers to test it in their environment and to detect any application compatibility issues that might occur with this change.</p> <p>Please enable this fix and test applications in your environment that rely on RSA based certificates and smart cards. If you detect applications that rely on the old behavior of defaulting to the CSP, work with your application vendor to update the application so that the KSP can be used by default.</p> <p>The fix can be enabled by setting the following registry key. Set the registry key to the value 1 to enable the fix for CVE-2024-30098.</p> <table> <thead> <tr> <th>Registry Subkey</th> <th>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais</th> </tr> </thead> <tbody> <tr> <td>Key Value name</td> <td>DisableCapiOverrideForRSA</td> </tr> <tr> <td>Data Type</td> <td>REG_DWORD</td> </tr> <tr> <td>Data</td> <td>Set to 1 to enable the fix for CVE-2024-30098 and set to 0 or remove the key to disable the fix.</td> </tr> </tbody> </table> <p><strong>According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?</strong></p> <p>Successful exploitation of this vulnerability requires an attacker to create a SHA1 hash collision successfully.</p> <p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p> <p>An attacker who successfully exploited this vulnerability could bypass digital signatures on a vulnerable system.</p> Windows Cryptographic Services Microsoft Yes CVE-2024-30098 Use of a Broken or Risky Cryptographic Algorithm 12437 12389 12390 12436 11568 11569 11571 11572 11923 11924 11926 11927 11929 11930 11931 12085 12086 12097 12098 12099 12242 12243 12244 10729 10735 10852 10853 10816 10855 10483 10543 Security Feature Bypass 12437 Security Feature Bypass 12389 Security Feature Bypass 12390 Security Feature Bypass 12436 Security Feature Bypass 11568 Security Feature Bypass 11569 Security Feature Bypass 11571 Security Feature Bypass 11572 Security Feature Bypass 11923 Security Feature Bypass 11924 Security Feature Bypass 11926 Security Feature Bypass 11927 Security Feature Bypass 11929 Security Feature Bypass 11930 Security Feature Bypass 11931 Security Feature Bypass 12085 Security Feature Bypass 12086 Security Feature Bypass 12097 Security Feature Bypass 12098 Security Feature Bypass 12099 Security Feature Bypass 12242 Security Feature Bypass 12243 Security Feature Bypass 12244 Security Feature Bypass 10729 Security Feature Bypass 10735 Security Feature Bypass 10852 Security Feature Bypass 10853 Security Feature Bypass 10816 Security Feature Bypass 10855 Security Feature Bypass 10483 Security Feature Bypass 10543 Important 12437 Important 12389 Important 12390 Important 12436 Important 11568 Important 11569 Important 11571 Important 11572 Important 11923 Important 11924 Important 11926 Important 11927 Important 11929 Important 11930 Important 11931 Important 12085 Important 12086 Important 12097 Important 12098 Important 12099 Important 12242 Important 12243 Important 12244 Important 10729 Important 10735 Important 10852 Important 10853 Important 10816 Important 10855 Important 10483 Important 10543 Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12437 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12389 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12390 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12436 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11568 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11569 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11571 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11572 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11923 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11924 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11926 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11927 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11929 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11930 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 11931 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12085 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12086 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12097 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12098 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12099 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12242 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12243 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 12244 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10729 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10735 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10852 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10853 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10816 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10855 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10483 7.5 6.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10543 5066835 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835 5065426 12437 12389 12390 12436 Yes Security Update 10.0.26100.6899 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066835 5066835 https://support.microsoft.com/help/5066835 12437 12389 12390 12436 5066586 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066586 5065428 11568 11569 11571 11572 Yes Security Update 10.0.17763.7919 https://support.microsoft.com/help/5066586 11568 11569 11571 11572 5066586 5066782 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066782 5065432 11923 11924 Yes Security Update 10.0.20348.4294 https://support.microsoft.com/help/5066782 11923 11924 5066782 5040431 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040431 5039213 11926 11927 Yes Security Update 10.0.22000.3079 https://support.microsoft.com/help/5040431 11926 11927 5040431 5040431 https://support.microsoft.com/help/5040431 11926 11927 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 11929 11930 11931 Yes Security Update 10.0.19044.6456 https://support.microsoft.com/help/5066791 11929 11930 11931 5066791 5066791 https://support.microsoft.com/help/5066791 11929 11930 11931 12097 12098 12099 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12085 12086 Yes Security Update 10.0.22621.6060 https://support.microsoft.com/help/5066793 12085 12086 5066793 5066791 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066791 5065429 12097 12098 12099 Yes Security Update 10.0.19045.6456 https://support.microsoft.com/help/5066791 12097 12098 12099 5066791 5066793 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066793 5065431 12242 12243 Yes Security Update 10.0.22631.6060 https://support.microsoft.com/help/5066793 12242 12243 5066793 5066780 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066780 5065425 12244 Yes Security Update 10.0.25398.1913 https://support.microsoft.com/help/5066780 12244 5066780 5066837 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066837 5065430 10729 10735 Yes Security Update 10.0.10240.21161 https://support.microsoft.com/help/5066837 10729 10735 5066837 5066836 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066836 5065427 10852 10853 10816 10855 Yes Security Update 10.0.14393.8519 https://support.microsoft.com/help/5066836 10852 10853 10816 10855 5066836 5066873 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066873 5065507 10483 10543 Yes Monthly Rollup 6.3.9600.22824 https://support.microsoft.com/help/5066873 10483 10543 5066873 Anonymous 2.1 2025-03-26T07:00:00 <p>Updated links to security updates. This is an informational change only.</p> 3.1 2025-12-09T08:00:00 <p>Updated the &quot;Are there any further actions I need to take to be protected from this vulnerability?&quot; FAQ as follows:</p> <ol> <li>Added a reminder to customers that The DisableCapiOverrideForRSA registry key will be removed in April 2026.</li> <li>Added an update that states: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see <a href="http://support.microsoft.com/kb/5073121">Guidance for certificate handling for Smart Card propagated certificates</a> for guidance for application developers on how to detect the correct handler and resolve these issues.</li> </ol> <p>These are informational changes only.</p> 3.2 2026-02-10T08:00:00 <p>DisableCapiOverrideForRSA registry key removal date has been updated to 2/9/2027.</p> 1.0 2024-07-09T07:00:00 <p>Information published.</p> 1.1 2024-07-10T07:00:00 <p>Added FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only.</p> 2.0 2025-03-11T07:00:00 <p>The following updates have been made to CVE-2024-30098:</p> <ol> <li>In the Security Updates table, added all supported versions of the following as they are affected by this vulnerability: Windows 11 24H2 and Windows Server 2025.</li> <li>To comprehensively address this vulnerability, Microsoft has released March 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.</li> <li>Updated the &quot;Are there any further actions I need to take to be protected from this vulnerability?&quot; FAQ to state that Starting with the April 2025, the fix will automatically generate an audit event in cases where the Cryptographic Service Provider (CSP) is being used with RSA keys. If you have not already enabled the fix using the DisableCapiOverrideForRSA setting, you should monitor your systems for any error events in the Windows system event log. See the FAQ section of this CVE for more information.</li> </ol> 3.0 2025-10-14T07:00:00 <p>The following updates have been made to CVE-2024-30098:</p> <ol> <li>In the Security Updates table, added all supported versions Windows 11 25H2 as they are affected by the vulnerability.</li> <li>To enable the fix by default, Microsoft has released October 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11.</li> <li>Updated the &quot;Are there any further actions I need to take to be protected from this vulnerability?&quot; FAQ to state that starting with the October 2025 security updates, the fix will be enabled by default (DisableCapiOverrideForRSA set to 1) and the KSP will be used for RSA based certificates in the Smart Card Certificate Propagation service. If you discover applications relying on the old behavior, the DisableCapiOverrideForRSA registry key can be set back to 0 to switch back to auditing mode. The DisableCapiOverrideForRSA registry key will be removed in April 2026. See the FAQ section of this CVE for more information.</li> </ol>