Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.
Products by Microsoft Sorted by Most Security Vulnerabilities since 2018
Microsoft ChakraCore: 189 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge.
Recent Microsoft Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2024-2400 | Chromium: CVE-2024-2400 Use after free in Performance Manager | March 14, 2024 |
CVE-2024-26163 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | March 14, 2024 |
CVE-2024-26246 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | March 14, 2024 |
CVE-2024-21438 | Microsoft AllJoyn API Denial of Service Vulnerability | March 12, 2024 |
CVE-2024-21426 | Microsoft SharePoint Server Remote Code Execution Vulnerability | March 12, 2024 |
CVE-2024-21392 | .NET and Visual Studio Denial of Service Vulnerability | March 12, 2024 |
CVE-2024-21411 | Skype for Consumer Remote Code Execution Vulnerability | March 12, 2024 |
CVE-2024-20671 | Microsoft Defender Security Feature Bypass Vulnerability | March 12, 2024 |
CVE-2024-21421 | Azure SDK Spoofing Vulnerability | March 12, 2024 |
CVE-2024-21429 | Windows USB Hub Driver Remote Code Execution Vulnerability | March 12, 2024 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. CVE-2024-21338 | March 4, 2024 |
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability | Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2023-29360 | February 29, 2024 |
Microsoft Exchange Server Privilege Escalation Vulnerability | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410 | February 15, 2024 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351 | February 13, 2024 |
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412 | February 13, 2024 |
Microsoft SharePoint Server Privilege Escalation Vulnerability | Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357 | January 10, 2024 |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584 | November 16, 2023 |
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033 | November 14, 2023 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025 | November 14, 2023 |
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036 | November 14, 2023 |
Microsoft WordPad Information Disclosure Vulnerability | Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563 | October 10, 2023 |
Microsoft Skype for Business Privilege Escalation Vulnerability | Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-41763 | October 10, 2023 |
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. CVE-2023-28229 | October 4, 2023 |
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36802 | September 12, 2023 |
Microsoft Word Information Disclosure Vulnerability | Microsoft Word contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36761 | September 12, 2023 |
Microsoft .NET Core and Visual Studio Denial of Service Vulnerability | Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial of service. CVE-2023-38180 | August 9, 2023 |
Microsoft Office and Windows HTML Remote Code Execution Vulnerability | Microsoft Office and Windows contain an unspecified vulnerability that allows an attacker to perform remote code execution via a specially crafted Microsoft Office document. CVE-2023-36884 | July 17, 2023 |
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36874 | July 11, 2023 |
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. CVE-2023-32049 | July 11, 2023 |
Microsoft Outlook Security Feature Bypass Vulnerability | Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. CVE-2023-35311 | July 11, 2023 |
By the Year
In 2024 there have been 245 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1461 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.14.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 245 | 7.42 |
2023 | 1461 | 7.27 |
2022 | 1295 | 7.44 |
2021 | 1111 | 7.45 |
2020 | 1207 | 7.26 |
2019 | 759 | 7.23 |
2018 | 579 | 6.89 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26246
3.9 - Low
- March 14, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2024-26163
4.7 - Medium
- March 14, 2024
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may
CVE-2023-28746
- March 14, 2024
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128
CVE-2024-2400
- March 13, 2024
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2024-26165
8.8 - High
- March 12, 2024
Visual Studio Code Elevation of Privilege Vulnerability
Outlook for Android Information Disclosure Vulnerability
CVE-2024-26204
7.5 - High
- March 12, 2024
Outlook for Android Information Disclosure Vulnerability
Windows Compressed Folder Tampering Vulnerability
CVE-2024-26185
6.5 - Medium
- March 12, 2024
Windows Compressed Folder Tampering Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26182
7.8 - High
- March 12, 2024
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Denial of Service Vulnerability
CVE-2024-26181
5.5 - Medium
- March 12, 2024
Windows Kernel Denial of Service Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26178
7.8 - High
- March 12, 2024
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26177
5.5 - Medium
- March 12, 2024
Windows Kernel Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26176
- March 12, 2024
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Information Disclosure Vulnerability
CVE-2024-26174
5.5 - Medium
- March 12, 2024
Windows Kernel Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-26173
7.8 - High
- March 12, 2024
Windows Kernel Elevation of Privilege Vulnerability
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
CVE-2024-26170
7.8 - High
- March 12, 2024
Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2024-26169
7.8 - High
- March 12, 2024
Windows Error Reporting Service Elevation of Privilege Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26166
8.8 - High
- March 12, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26162
8.8 - High
- March 12, 2024
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2024-26160
- March 12, 2024
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2024-21448
5 - Medium
- March 12, 2024
Microsoft Teams for Android Information Disclosure Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21440
- March 12, 2024
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-21437
7.8 - High
- March 12, 2024
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
CVE-2024-21436
7.8 - High
- March 12, 2024
Windows Installer Elevation of Privilege Vulnerability
Windows OLE Remote Code Execution Vulnerability
CVE-2024-21435
8.8 - High
- March 12, 2024
Windows OLE Remote Code Execution Vulnerability
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
CVE-2024-21434
7.8 - High
- March 12, 2024
Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-21433
7 - High
- March 12, 2024
Windows Print Spooler Elevation of Privilege Vulnerability
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21432
7 - High
- March 12, 2024
Windows Update Stack Elevation of Privilege Vulnerability
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
CVE-2024-21431
7.8 - High
- March 12, 2024
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2024-21427
7.5 - High
- March 12, 2024
Windows Kerberos Security Feature Bypass Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21419
7.6 - High
- March 12, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-21408
5.5 - Medium
- March 12, 2024
Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21407
8.1 - High
- March 12, 2024
Windows Hyper-V Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21400
9 - Critical
- March 12, 2024
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Microsoft Authenticator Elevation of Privilege Vulnerability
CVE-2024-21390
7.1 - High
- March 12, 2024
Microsoft Authenticator Elevation of Privilege Vulnerability
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
CVE-2024-21334
9.8 - Critical
- March 12, 2024
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
CVE-2024-21330
7.8 - High
- March 12, 2024
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
CVE-2024-26164
8.8 - High
- March 12, 2024
Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-26161
8.8 - High
- March 12, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Azure Data Studio Elevation of Privilege Vulnerability
CVE-2024-26203
7.3 - High
- March 12, 2024
Azure Data Studio Elevation of Privilege Vulnerability
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26201
6.6 - Medium
- March 12, 2024
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-26199
7.8 - High
- March 12, 2024
Microsoft Office Elevation of Privilege Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-26198
8.8 - High
- March 12, 2024
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft QUIC Denial of Service Vulnerability
CVE-2024-26190
7.5 - High
- March 12, 2024
Microsoft QUIC Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-26159
8.8 - High
- March 12, 2024
Microsoft ODBC Driver Remote Code Execution Vulnerability
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2024-26197
6.5 - Medium
- March 12, 2024
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-21451
8.8 - High
- March 12, 2024
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21450
- March 12, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
NTFS Elevation of Privilege Vulnerability
CVE-2024-21446
7.8 - High
- March 12, 2024
NTFS Elevation of Privilege Vulnerability
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21445
7 - High
- March 12, 2024
Windows USB Print Driver Elevation of Privilege Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21444
8.8 - High
- March 12, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-21443
7.3 - High
- March 12, 2024
Windows Kernel Elevation of Privilege Vulnerability
Windows USB Print Driver Elevation of Privilege Vulnerability
CVE-2024-21442
7.8 - High
- March 12, 2024
Windows USB Print Driver Elevation of Privilege Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21441
8.8 - High
- March 12, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2024-21439
7 - High
- March 12, 2024
Windows Telephony Server Elevation of Privilege Vulnerability
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2024-21438
7.5 - High
- March 12, 2024
Microsoft AllJoyn API Denial of Service Vulnerability
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
CVE-2024-21430
- March 12, 2024
Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability
Windows USB Hub Driver Remote Code Execution Vulnerability
CVE-2024-21429
6.8 - Medium
- March 12, 2024
Windows USB Hub Driver Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21426
7.8 - High
- March 12, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Azure SDK Spoofing Vulnerability
CVE-2024-21421
7.5 - High
- March 12, 2024
Azure SDK Spoofing Vulnerability
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
CVE-2024-21418
7.8 - High
- March 12, 2024
Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
Skype for Consumer Remote Code Execution Vulnerability
CVE-2024-21411
8.8 - High
- March 12, 2024
Skype for Consumer Remote Code Execution Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-21392
7.5 - High
- March 12, 2024
.NET and Visual Studio Denial of Service Vulnerability
Microsoft Defender Security Feature Bypass Vulnerability
CVE-2024-20671
5.5 - Medium
- March 12, 2024
Microsoft Defender Security Feature Bypass Vulnerability
Microsoft Edge for Android Spoofing Vulnerability
CVE-2024-26167
4.3 - Medium
- March 07, 2024
Microsoft Edge for Android Spoofing Vulnerability
Use after free in FedCM in Google Chrome prior to 122.0.6261.111
CVE-2024-2176
- March 06, 2024
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111
CVE-2024-2174
- March 06, 2024
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111
CVE-2024-2173
- March 06, 2024
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94
CVE-2024-1939
- February 29, 2024
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94
CVE-2024-1938
- February 29, 2024
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-26188
4.3 - Medium
- February 23, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26192
8.2 - High
- February 23, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-21423
4.8 - Medium
- February 23, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57
CVE-2024-1669
- February 21, 2024
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Use after free in Mojo in Google Chrome prior to 122.0.6261.57
CVE-2024-1670
- February 21, 2024
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57
CVE-2024-1671
- February 21, 2024
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57
CVE-2024-1672
- February 21, 2024
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57
CVE-2024-1673
- February 21, 2024
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57
CVE-2024-1674
- February 21, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57
CVE-2024-1676
- February 21, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57
CVE-2024-1675
- February 21, 2024
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs)
CVE-2023-50387
7.5 - High
- February 14, 2024
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
Allocation of Resources Without Limits or Throttling
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-21413
9.8 - Critical
- February 13, 2024
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21420
8.8 - High
- February 13, 2024
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Azure Stack Hub Spoofing Vulnerability
CVE-2024-20679
6.5 - Medium
- February 13, 2024
Azure Stack Hub Spoofing Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-21393
7.6 - High
- February 13, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Dynamics 365 Field Service Spoofing Vulnerability
CVE-2024-21394
7.6 - High
- February 13, 2024
Dynamics 365 Field Service Spoofing Vulnerability
Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21396
7.6 - High
- February 13, 2024
Dynamics 365 Sales Spoofing Vulnerability
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
CVE-2024-21401
9.8 - Critical
- February 13, 2024
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2024-21402
7.1 - High
- February 13, 2024
Microsoft Outlook Elevation of Privilege Vulnerability
.NET Denial of Service Vulnerability
CVE-2024-21404
7.5 - High
- February 13, 2024
.NET Denial of Service Vulnerability
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-20673
7.8 - High
- February 13, 2024
Microsoft Office Remote Code Execution Vulnerability
Windows DNS Client Denial of Service Vulnerability
CVE-2024-21342
7.5 - High
- February 13, 2024
Windows DNS Client Denial of Service Vulnerability
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-20684
6.5 - Medium
- February 13, 2024
Windows Hyper-V Denial of Service Vulnerability
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVE-2024-21339
6.4 - Medium
- February 13, 2024
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
Windows Kernel Remote Code Execution Vulnerability
CVE-2024-21341
6.8 - Medium
- February 13, 2024
Windows Kernel Remote Code Execution Vulnerability
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-21349
8.8 - High
- February 13, 2024
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
CVE-2024-21315
7.8 - High
- February 13, 2024
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability
Trusted Compute Base Elevation of Privilege Vulnerability
CVE-2024-21304
4.1 - Medium
- February 13, 2024
Trusted Compute Base Elevation of Privilege Vulnerability
Dynamics 365 Sales Spoofing Vulnerability
CVE-2024-21328
7.6 - High
- February 13, 2024
Dynamics 365 Sales Spoofing Vulnerability