Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.
Recent Microsoft Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2024-43489 | CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | September 19, 2024 |
CVE-2024-43496 | CVE-2024-43496 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | September 19, 2024 |
CVE-2024-8907 | Chromium: CVE-2024-8907 Insufficient data validation in Omnibox | September 19, 2024 |
CVE-2024-8906 | Chromium: CVE-2024-8906 Incorrect security UI in Downloads | September 19, 2024 |
CVE-2024-8905 | Chromium: CVE-2024-8905 Inappropriate implementation in V8 | September 19, 2024 |
CVE-2024-8909 | Chromium: CVE-2024-8909 Inappropriate implementation in UI | September 19, 2024 |
CVE-2024-8908 | Chromium: CVE-2024-8908 Inappropriate implementation in Autofill | September 19, 2024 |
CVE-2024-8904 | Chromium: CVE-2024-8904 Type Confusion in V8 | September 19, 2024 |
CVE-2024-38221 | CVE-2024-38221 Microsoft Edge (Chromium-based) Spoofing Vulnerability | September 19, 2024 |
CVE-2024-38207 | CVE-2024-38207 Microsoft Edge (HTML-based) Memory Corruption Vulnerability | September 19, 2024 |
Known Exploited Microsoft Vulnerabilities
The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account. CVE-2020-0618 | September 18, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112. CVE-2024-43461 | September 16, 2024 |
Microsoft Publisher Security Feature Bypass Vulnerability | Microsoft Publisher contains a security feature bypass vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files. CVE-2024-38226 | September 10, 2024 |
Microsoft Windows Installer Privilege Escalation Vulnerability | Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2024-38014 | September 10, 2024 |
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. CVE-2024-38217 | September 10, 2024 |
Microsoft Windows Update Remote Code Execution Vulnerability | Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution. CVE-2024-43491 | September 10, 2024 |
Microsoft Exchange Server Information Disclosure Vulnerability | Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. CVE-2021-31196 | August 21, 2024 |
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file. CVE-2024-38213 | August 13, 2024 |
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2024-38193 | August 13, 2024 |
Microsoft Windows Kernel Privilege Escalation Vulnerability | Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition. CVE-2024-38106 | August 13, 2024 |
Microsoft Windows Scripting Engine Memory Corruption Vulnerability | Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL. CVE-2024-38178 | August 13, 2024 |
Microsoft Project Remote Code Execution Vulnerability | Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file. CVE-2024-38189 | August 13, 2024 |
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. CVE-2024-38107 | August 13, 2024 |
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability | Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. CVE-2018-0824 | August 5, 2024 |
Microsoft Internet Explorer Use-After-Free Vulnerability | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. CVE-2012-4792 | July 23, 2024 |
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. CVE-2024-38112 | July 9, 2024 |
Microsoft Windows Hyper-V Privilege Escalation Vulnerability | Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-38080 | July 9, 2024 |
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-26169 | June 13, 2024 |
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-30040 | May 14, 2024 |
Microsoft DWM Core Library Privilege Escalation Vulnerability | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. CVE-2024-30051 | May 14, 2024 |
By the Year
In 2024 there have been 1002 vulnerabilities in Microsoft products, with an average score of 7.5 out of ten. Last year Microsoft had 1464 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.26.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1002 | 7.53 |
2023 | 1464 | 7.27 |
2022 | 1299 | 7.44 |
2021 | 1111 | 7.45 |
2020 | 1207 | 7.26 |
2019 | 761 | 7.21 |
2018 | 580 | 6.89 |
It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Security Vulnerabilities
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43489
6.5 - Medium
- September 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Object Type Confusion
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43496
6.5 - Medium
- September 19, 2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Memory Corruption
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-38221
4.3 - Medium
- September 19, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
XSS
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38016
7.8 - High
- September 19, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Authorization
Windows Kernel Information Disclosure Vulnerability
CVE-2024-37985
5.9 - Medium
- September 17, 2024
Windows Kernel Information Disclosure Vulnerability
Processor Optimization Removal or Modification of Security-critical Code
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58
CVE-2024-8906
- September 17, 2024
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58
CVE-2024-8907
- September 17, 2024
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58
CVE-2024-8905
- September 17, 2024
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58
CVE-2024-8909
- September 17, 2024
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58
CVE-2024-8908
- September 17, 2024
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58
CVE-2024-8904
- September 17, 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability
CVE-2024-43460
8.1 - High
- September 17, 2024
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
An improper access control vulnerability in GroupMe
CVE-2024-38183
8.8 - High
- September 17, 2024
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
XSPA
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800)
CVE-2024-45383
5 - Medium
- September 12, 2024
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.
Improper Control of a Resource Through its Lifetime
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-38222
6.5 - Medium
- September 12, 2024
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Incorrect Default Permissions
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137
CVE-2024-8637
8.8 - High
- September 11, 2024
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137
CVE-2024-8638
8.8 - High
- September 11, 2024
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137
CVE-2024-8639
8.8 - High
- September 11, 2024
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137
CVE-2024-8636
8.8 - High
- September 11, 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
CVE-2024-38231
7.5 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
AuthZ
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37338
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37966
7.1 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37335
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37340
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Untrusted Pointer Dereference
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37337
7.1 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
Numeric Truncation Error
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37342
7.1 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
Out-of-bounds Read
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-26186
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Dangling pointer
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-26191
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38018
8.8 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38216
9 - Critical
- September 10, 2024
Azure Stack Hub Elevation of Privilege Vulnerability
Improper Input Validation
Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38220
9 - Critical
- September 10, 2024
Azure Stack Hub Elevation of Privilege Vulnerability
Authorization
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-38188
7.1 - High
- September 10, 2024
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
insecure temporary file
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2024-38230
7.5 - High
- September 10, 2024
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Improper Input Validation
DHCP Server Service Denial of Service Vulnerability
CVE-2024-38236
7.5 - High
- September 10, 2024
DHCP Server Service Denial of Service Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2024-38240
9.8 - Critical
- September 10, 2024
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Out-of-bounds Read
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38241
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Improper Input Validation
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38242
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-38249
7.8 - High
- September 10, 2024
Windows Graphics Component Elevation of Privilege Vulnerability
Dangling pointer
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-38250
7.8 - High
- September 10, 2024
Windows Graphics Component Elevation of Privilege Vulnerability
Buffer Over-read
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-38252
7.8 - High
- September 10, 2024
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Dangling pointer
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-38253
7.8 - High
- September 10, 2024
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Authentication Information Disclosure Vulnerability
CVE-2024-38254
6.2 - Medium
- September 10, 2024
Windows Authentication Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVE-2024-38256
5.5 - Medium
- September 10, 2024
Windows Kernel-Mode Driver Information Disclosure Vulnerability
Use of Uninitialized Resource
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-43463
7.8 - High
- September 10, 2024
Microsoft Office Visio Remote Code Execution Vulnerability
Dangling pointer
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-43464
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-43467
7.5 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Race Condition
Microsoft SQL Server Information Disclosure Vulnerability
CVE-2024-43474
7.6 - High
- September 10, 2024
Microsoft SQL Server Information Disclosure Vulnerability
Improper Null Termination
Microsoft Outlook for iOS Information Disclosure Vulnerability
CVE-2024-43482
6.5 - Medium
- September 10, 2024
Microsoft Outlook for iOS Information Disclosure Vulnerability
AuthZ
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2024-43492
7.8 - High
- September 10, 2024
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Authorization
Microsoft Excel Elevation of Privilege Vulnerability
CVE-2024-43465
7.8 - High
- September 10, 2024
Microsoft Excel Elevation of Privilege Vulnerability
Dangling pointer
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37965
8.8 - High
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper Input Validation
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37341
8.8 - High
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
Authorization
Windows Installer Elevation of Privilege Vulnerability
CVE-2024-38014
7.8 - High
- September 10, 2024
Windows Installer Elevation of Privilege Vulnerability
Improper Privilege Management
PowerShell Elevation of Privilege Vulnerability
CVE-2024-38046
7.8 - High
- September 10, 2024
PowerShell Elevation of Privilege Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38217
5.4 - Medium
- September 10, 2024
Windows Mark of the Web Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2024-38225
9.8 - Critical
- September 10, 2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Authentication
Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2024-38226
7.3 - High
- September 10, 2024
Microsoft Publisher Security Feature Bypass Vulnerability
Protection Mechanism Failure
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38227
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Command Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38228
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Command Injection
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37980
8.8 - High
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
An authenticated attacker
CVE-2024-38194
9.9 - Critical
- September 10, 2024
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
Improper Input Validation
Windows libarchive Remote Code Execution Vulnerability
CVE-2024-43495
7.3 - High
- September 10, 2024
Windows libarchive Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Microsoft is aware of a vulnerability in Servicing Stack
CVE-2024-43491
9.8 - Critical
- September 10, 2024
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024, KB5035858 (OS Build 10240.20526), or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
Dangling pointer
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-43487
6.5 - Medium
- September 10, 2024
Windows Mark of the Web Security Feature Bypass Vulnerability
Protection Mechanism Failure
Windows Security Zone Mapping Security Feature Bypass Vulnerability
CVE-2024-30073
7.8 - High
- September 10, 2024
Windows Security Zone Mapping Security Feature Bypass Vulnerability
Improper Resolution of Path Equivalence
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
CVE-2024-43479
8.5 - High
- September 10, 2024
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
Authorization
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-43476
5.4 - Medium
- September 10, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Windows Admin Center Information Disclosure Vulnerability
CVE-2024-43475
7.3 - High
- September 10, 2024
Microsoft Windows Admin Center Information Disclosure Vulnerability
Buffer Over-read
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-43470
7.3 - High
- September 10, 2024
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43469
8.8 - High
- September 10, 2024
Azure CycleCloud Remote Code Execution Vulnerability
Code Injection
Microsoft SharePoint Server Denial of Service Vulnerability
CVE-2024-43466
7.5 - High
- September 10, 2024
Microsoft SharePoint Server Denial of Service Vulnerability
Marshaling, Unmarshaling
Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43461
8.8 - High
- September 10, 2024
Windows MSHTML Platform Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Windows Networking Information Disclosure Vulnerability
CVE-2024-43458
7.7 - High
- September 10, 2024
Windows Networking Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Setup and Deployment Elevation of Privilege Vulnerability
CVE-2024-43457
7.8 - High
- September 10, 2024
Windows Setup and Deployment Elevation of Privilege Vulnerability
Unquoted Search Path or Element
Windows Remote Desktop Licensing Service Spoofing Vulnerability
CVE-2024-43455
9.8 - Critical
- September 10, 2024
Windows Remote Desktop Licensing Service Spoofing Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-43454
7.1 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Relative Path Traversal
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
CVE-2024-38119
7.5 - High
- September 10, 2024
Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
Dangling pointer
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-38045
8.1 - High
- September 10, 2024
Windows TCP/IP Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38263
7.5 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Sensitive Data Storage in Improperly Locked Memory
Windows Networking Denial of Service Vulnerability
CVE-2024-38232
7.5 - High
- September 10, 2024
Windows Networking Denial of Service Vulnerability
NULL Pointer Dereference
Windows Networking Denial of Service Vulnerability
CVE-2024-38233
7.5 - High
- September 10, 2024
Windows Networking Denial of Service Vulnerability
NULL Pointer Dereference
Windows Networking Denial of Service Vulnerability
CVE-2024-38234
6.5 - Medium
- September 10, 2024
Windows Networking Denial of Service Vulnerability
Improper Input Validation
Windows Hyper-V Denial of Service Vulnerability
CVE-2024-38235
6.5 - Medium
- September 10, 2024
Windows Hyper-V Denial of Service Vulnerability
Dangling pointer
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38237
7.8 - High
- September 10, 2024
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38238
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Heap-based Buffer Overflow
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2024-38239
7.2 - High
- September 10, 2024
Windows Kerberos Elevation of Privilege Vulnerability
1390
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38243
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Improper Input Validation
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38244
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Improper Input Validation
Win32k Elevation of Privilege Vulnerability
CVE-2024-38246
7 - High
- September 10, 2024
Win32k Elevation of Privilege Vulnerability
Stack Overflow
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2024-38245
7.8 - High
- September 10, 2024
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-21416
8.1 - High
- September 10, 2024
Windows TCP/IP Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38260
8.8 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Use of Uninitialized Resource
Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-38259
8.8 - High
- September 10, 2024
Microsoft Management Console Remote Code Execution Vulnerability
Dangling pointer
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-38247
7.8 - High
- September 10, 2024
Windows Graphics Component Elevation of Privilege Vulnerability
Double-free
Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
CVE-2024-38258
7.5 - High
- September 10, 2024
Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
Relative Path Traversal
Microsoft AllJoyn API Information Disclosure Vulnerability
CVE-2024-38257
7.5 - High
- September 10, 2024
Microsoft AllJoyn API Information Disclosure Vulnerability
Use of Uninitialized Resource
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-38248
7 - High
- September 10, 2024
Windows Storage Elevation of Privilege Vulnerability
Dangling pointer
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability
CVE-2024-41879
7.8 - High
- August 26, 2024
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Memory Corruption