Request a Demo
Rewterz
NGate Malware: Unprecedented Threat to Financial Security and Privacy – Active IOCs
August 23, 2024
Rewterz
NJRAT – Active IOCs
August 23, 2024

Multiple Microsoft Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-38137 CVSS:7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Resource Manager PSM Service Extension component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38126 CVSS:7.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Network Address Translation (NAT) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-38193 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the Ancillary Function Driver for WinSock component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38170 CVSS:7.1

Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-6768 CVSS:5.5

Microsoft Windows is vulnerable to a denial of service, caused by an error in CLFS.sys. By using a forced call to the KeBugCheckEx function, a local authenticated attacker could exploit this vulnerability to cause a Blue Screen of Death.

CVE-2024-38133 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-37968 CVSS:7.5

Microsoft Windows DNS could allow a remote attacker to conduct spoofing attacks.

CVE-2024-38084 CVSS:7.8

Microsoft OfficePlus could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38108 CVSS:8.1

Microsoft Azure Stack could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2024-38147 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the DWM Core Library component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38125 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the Streaming WOW Thunk Service Driver component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38122 CVSS:5.5

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Local Security Authority (LSA) Server component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2024-38132 CVSS:7.5

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Network Address Translation (NAT) component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-38196 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the Common Log File System Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38154 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38114 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the IP Routing Management Snapin component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38186 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Kernel-Mode Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38195 CVSS:7.8

Microsoft Azure CycleCloud could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the xxx component. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38123 CVSS:4.4

Microsoft Windows could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by a flaw in the Bluetooth Driver component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2024-38130 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38142 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Secure Kernel Mode component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38198 CVSS:7.5

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Print Spooler component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38199 CVSS:9.8

Microsoft could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Line Printer Daemon (LPD) Service component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38215 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cloud Files Mini Filter Driver component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38197 CVSS:6.5

Microsoft Teams for iOS could allow a remote attacker to conduct spoofing attacks.

CVE-2024-38150 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, cause by a flaw in the DWM Core Library component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38098 CVSS:7.8

Microsoft Azure Connected Machine Agent could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38127 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Hyper-V component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38165 CVSS:6.5

Microsoft Windows could allow a remote attacker to bypass security restrictions. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to temper compressed folder.

CVE-2024-38121 CVSS:8.8

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Routing and Remote Access Service (RRAS) component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38153 CVSS:7.8

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Kernel component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38202 CVSS:7.3

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in Windows Backup. By persuading a victim into performing a system restore, an attacker could exploit this vulnerability to gain SYSTEM privileges.

CVE-2024-21302 CVSS:6.7

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Secure Kernel Mode component. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2024-38219 CVSS:6.5

Microsoft Edge (Chromium-based) could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion error. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-38218 CVSS:8.4

Microsoft Edge (HTML-based) could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Denial of Service
  • Gain Access
  • Code Execution
  • Security Bypass
  • Privilege Escalation
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-38137
  • CVE-2024-38126
  • CVE-2024-38193
  • CVE-2024-38170
  • CVE-2024-6768
  • CVE-2024-38133
  • CVE-2024-37968
  • CVE-2024-38084
  • CVE-2024-38108
  • CVE-2024-38147
  • CVE-2024-38125
  • CVE-2024-38122
  • CVE-2024-38132
  • CVE-2024-38196
  • CVE-2024-38154
  • CVE-2024-38114
  • CVE-2024-38186
  • CVE-2024-38195
  • CVE-2024-38123
  • CVE-2024-38130
  • CVE-2024-38142
  • CVE-2024-38198
  • CVE-2024-38199
  • CVE-2024-38215
  • CVE-2024-38197
  • CVE-2024-38150
  • CVE-2024-38098
  • CVE-2024-38127
  • CVE-2024-38165
  • CVE-2024-38121
  • CVE-2024-38153
  • CVE-2024-38202
  • CVE-2024-21302
  • CVE-2024-38219
  • CVE-2024-38128

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Office LTSC for Mac 2021
  • Microsoft Teams for IOS
  • Microsoft Azure Connected Machine Agent
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
  • Microsoft 365 Apps for Enterprise for 32-bit Systems
  • Microsoft 365 Apps for Enterprise for 64-bit Systems
  • Microsoft Edge (Chromium-based) 127.0.2651.98
  • Microsoft Windows 10 Version 1507 - 10.0.0
  • Microsoft Windows 10 Version 1607 - 10.0.0
  • Microsoft Windows 10 Version 1809 - 10.0.0
  • Microsoft Windows 10 Version 1809 for 32-bit Systems - 1809
  • Microsoft Windows 10 Version 1809 for ARM64-based Systems - 1809
  • Microsoft Windows 10 Version 1809 for x64-based Systems - 1809
  • Microsoft 365 Apps for Enterprise - 16.0.1
  • Microsoft Windows 10 Version 21H2 - 10.0.0
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems - 21H2
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems - 21H2 Microsoft Windows 10 Version 21H2 for ARM64-based Systems - 21H2
  • Microsoft Windows 10 Version 21H2 for x64-based Systems - 21H2
  • Microsoft Azure Connected Machine Agent - 1.0.0
  • Microsoft Windows 10 - 10.0.0
  • Microsoft Windows 11 - 10.0.0
  • Microsoft Windows Server 2016 - 10.0.0
  • Microsoft Windows Server 2019 - 10.0.0
  • Microsoft Windows Server 2008 Service Pack 2 - 6.0.0
  • Microsoft OfficePLUS
  • Microsoft Azure Stack
  • Microsoft Azure CycleCloud - 1.0.0
  • Microsoft Azure CycleCloud 8.0.0 - 8.0.0
  • Microsoft Azure CycleCloud 8.0.1 - 8.0.1
  • Microsoft Azure CycleCloud 8.0.2 - 8.0.2
  • Microsoft Windows 11 Version 24H2 - 10.0.0
  • Microsoft Windows 11 Version 24H2 for ARM64-based Systems on Windows 11 Version 24H2 for ARM64-based Systems - 24H2
  • Microsoft Windows 11 Version 24H2 for x64-based Systems - 24H2
  • Microsoft Teams for iOS - 2.0.0

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-38137

CVE-2024-38126

CVE-2024-38193

CVE-2024-38170

CVE-2024-6768

CVE-2024-38133

CVE-2024-37968

CVE-2024-38084

CVE-2024-38108

CVE-2024-38147

CVE-2024-38125

CVE-2024-38122

CVE-2024-38132

CVE-2024-38196

CVE-2024-38154

CVE-2024-38114

CVE-2024-38186

CVE-2024-38195

CVE-2024-38123

CVE-2024-38130

CVE-2024-38142

CVE-2024-38198

CVE-2024-38199

CVE-2024-38215

CVE-2024-38197

CVE-2024-38150

CVE-2024-38098

CVE-2024-38127

CVE-2024-38165

CVE-2024-38121

CVE-2024-38153

CVE-2024-38202

CVE-2024-21302

CVE-2024-38219

CVE-2024-38128